A little editing

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2603 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-08-31 14:40:40 +00:00
parent 1326245312
commit 81ae1bf7f6

@ -15,7 +15,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2005-03-03</pubdate> <pubdate>2005-08-31</pubdate>
<copyright> <copyright>
<year>2003</year> <year>2003</year>
@ -38,6 +38,13 @@
</legalnotice> </legalnotice>
</articleinfo> </articleinfo>
<caution>
<para><emphasis role="bold">This article applies to Shorewall 3.0 and
later. If you are running a version of Shorewall earlier than Shorewall
3.0.0 then please see the documentation for that
release.</emphasis></para>
</caution>
<section> <section>
<title>FTP Protocol</title> <title>FTP Protocol</title>
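Review bot: the added `<caution>` sends readers of versions earlier than 3.0.0 to "the documentation for that release" without saying where that documentation is. Put a `<ulink>` to the older documentation on that phrase so the caution is actionable. Two smaller points in the same block: the version is written as "3.0" in the first sentence and "3.0.0" in the second, so pick one form, and the `<emphasis role="bold">` around the entire paragraph adds nothing inside an admonition that is already set apart from the body text.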
@ -314,7 +321,15 @@ DNAT ACTION =
with 20 (ftp-data) in the PORT(S) column. If you post your rules on the with 20 (ftp-data) in the PORT(S) column. If you post your rules on the
mailing list and they show 20 in the PORT(S) column, I will know that you mailing list and they show 20 in the PORT(S) column, I will know that you
haven't read this article and I will either ignore your post or tell you haven't read this article and I will either ignore your post or tell you
to RTFM.<example> to RTFM.</para>
<para>Shorewall includes an FTP macro that simplifies creation of FTP
rules. The macro source is in
<filename>/usr/share/shorewall/macro.FTP</filename>. Using the macro is
the preferred way to generate the rules described above. Here are a couple
of examples.</para>
<para><example>
<title>Server running behind a Masquerading Gateway</title> <title>Server running behind a Masquerading Gateway</title>
<para>Suppose that you run an FTP server on 192.168.1.5 in your local <para>Suppose that you run an FTP server on 192.168.1.5 in your local
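Review bot: the `<para><example>` opened after the new macro paragraph holds no text of its own; it exists only to contain the two `<example>` elements and to pair with the `</para>` that follows the second example. Since `to RTFM.</para>` now closes the prose paragraph, the examples can be direct children of the section, with the later `</example></para>` reduced to `</example>`. The new paragraph also says the macro generates "the rules described above" without naming the forms the reader will see next; mentioning `FTP/DNAT` and `FTP/ACCEPT` there would connect it to the examples.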
@ -322,13 +337,13 @@ DNAT ACTION =
<programlisting>#ACTION SOURCE DESTINATION PROTO PORT(S) SOURCE ORIGINAL <programlisting>#ACTION SOURCE DESTINATION PROTO PORT(S) SOURCE ORIGINAL
# PORT(S) DESTINATION # PORT(S) DESTINATION
FTP/DNAT net 192.168.1.5</programlisting> FTP/DNAT net loc:192.168.1.5</programlisting>
</example><example> </example><example>
<title>Allow your DMZ FTP access to the Internet</title> <title>Allow your DMZ FTP access to the Internet</title>
<programlisting>#ACTION SOURCE DESTINATION PROTO PORT(S) SOURCE ORIGINAL <programlisting>#ACTION SOURCE DESTINATION PROTO PORT(S) SOURCE ORIGINAL
# PORT(S) DESTINATION # PORT(S) DESTINATION
FTP/ACCEPT dmz net</programlisting> FTP/ACCEPT dmz net</programlisting>
</example></para> </example></para>
<para>Note that the FTP connection tracking in the kernel cannot handle <para>Note that the FTP connection tracking in the kernel cannot handle
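Review bot: the DESTINATION change in the first example, from `192.168.1.5` to `loc:192.168.1.5`, is a correction to the rule a reader will copy, not a wording edit, and the commit message "A little editing" hides it. Call the fix out in the commit message so it can be found later. The example's introductory paragraph should also name the zone the server is in, so that the `loc:` prefix in the rule is explained by the text above it. The second example, `FTP/ACCEPT dmz net`, has a title but no explanatory `<para>` like the first one has; a single sentence on what the rule permits would make the two examples consistent.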