diff --git a/Shorewall-docs2/FTP.xml b/Shorewall-docs2/FTP.xml
index 8d53df062..74d15bd9c 100644
--- a/Shorewall-docs2/FTP.xml
+++ b/Shorewall-docs2/FTP.xml
@@ -15,7 +15,7 @@
- 2005-03-03
+ 2005-08-31
2003
@@ -38,6 +38,13 @@
+
+ This article applies to Shorewall 3.0 and
+ later. If you are running a version of Shorewall earlier than Shorewall
+ 3.0.0 then please see the documentation for that
+ release.
+
+
FTP Protocol
@@ -314,7 +321,15 @@ DNAT ACTION =
with 20 (ftp-data) in the PORT(S) column. If you post your rules on the
mailing list and they show 20 in the PORT(S) column, I will know that you
haven't read this article and I will either ignore your post or tell you
- to RTFM.
+ to RTFM.
+
+ Shorewall includes an FTP macro that simplifies creation of FTP
+ rules. The macro source is in
+ /usr/share/shorewall/macro.FTP. Using the macro is
+ the preferred way to generate the rules described above. Here are a couple
+ of examples.
+
+
Server running behind a Masquerading Gateway
Suppose that you run an FTP server on 192.168.1.5 in your local
@@ -322,13 +337,13 @@ DNAT ACTION =
#ACTION SOURCE DESTINATION PROTO PORT(S) SOURCE ORIGINAL
# PORT(S) DESTINATION
-FTP/DNAT net 192.168.1.5
+FTP/DNAT net loc:192.168.1.5
Allow your DMZ FTP access to the Internet
#ACTION SOURCE DESTINATION PROTO PORT(S) SOURCE ORIGINAL
# PORT(S) DESTINATION
-FTP/ACCEPT dmz net
+FTP/ACCEPT dmz net
Note that the FTP connection tracking in the kernel cannot handle