- This topic is empty.
May 6, 2011 at 3:23 pm #42979
I’am testing your firewall and it’s great distrib. thank you
I trying multi-wan with succes BUT not with ftp in active mode 🙁 (PAssive mode is OK)
on virtual server i forward port tcp/up 20 and 21 but when ftp client trying my internal ftp server on ls command client have no response 🙁
zeroshell is working with ftp in active mode ? specific parameter
Thank you for your help !May 6, 2011 at 4:06 pm #51739athelingMember
At least on my ZS box (currently a beta12 install) the appropriate iptables connection tracking modules for FTP are installed. However there needs to be some rules in the iptables to allow the connections “related” to the FTP command connections for this to work.
I’ve not setup FTP through my ZS box so I can’t give you the exact setup, but if you do a web search for “iptables ftp” you’ll find some links telling you what the end result has to be. Then the next step is figuring out the changes in the ZS GUI that will end up with the same result.
I guess this is not a really useful reply, but it might get you started.May 6, 2011 at 5:25 pm #51740
hi, thx for your help,
But iptable ftp is not enough 🙁 … we have dualwan and in 2 weeks triwan … and i don’t find working example …May 6, 2011 at 8:08 pm #51741athelingMember
How do you have your firewall configured? Since the usual way to protect yourself is to setup input rule, I am assuming you’ve set something there…
I believe that if you have an entry at or near the top that is of the form:
ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
That the FTP data streams that are “related to” your FTP stream will be passed through.May 6, 2011 at 8:56 pm #51742
Sorry i just discover zeroshell, where in webgui (or shell ?) i can put this rules ?
(my config is just ‘default’ just confi gateway, load balance, forward port 20,21 to my FTP LAN server that’s all)
Edit : I trying add input (in firewall security menu) without succes 🙁
zeroshell show me this line :
ACCEPT all opt — in * out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
(same like you line)
- You must be logged in to reply to this topic.