--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
06-16-2008, 11:33 PM
Paul Johnson
configuration of a linux router
On Mon, 2008-06-16 at 16:01 -0700, peasthope@shaw.ca wrote:
> Folk,
>
> At Sun, 23 Mar 2008 20:27:40 -0400 Douglas A. Tutty wrote,
> "... if you want to really understand it use
> shorewall after reading shorewall-doc."
>
> ipmasq works but I want to use shorewall.
>
> I wonder why rules are needed for FTP but not
> for POP3. In fact, a rule for POP3 produces a
> complaint about "... unknown protocol 'pop3' ...".
In an unusual move, the FTP server connects to the client: Two
connections are maintained instead of just one. You can force FTP to
just use the client to server connection by using passive mode, but
given that doing so makes some operations problematic, it's kind of a
last-resort mode.
--
Paul Johnson
baloo@ursine.ca
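The second FTP connection described in the reply above, as an added example that is not part of the original thread: a Python sketch of what a stateful firewall's FTP helper has to read from the control channel (the RFC 959 `PORT` command and `227` reply) to know which data connection to expect. The function names, the address-match policy and the sample lines are assumptions made for this illustration.

```python
import re

# RFC 959 host-port: h1,h2,h3,h4,p1,p2 as decimal bytes.
_HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def parse_hostport(text):
    """Return (ip, port) from an RFC 959 host-port string, or None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def expected_data_flow(line, client_ip, server_ip):
    """Map one control-channel line to the data connection it announces.

    Returns (mode, initiator_ip, listener_ip, listener_port) or None.
    """
    line = line.strip()
    if line.upper().startswith("PORT "):
        # Active mode: the client announces where the SERVER should connect.
        hp = parse_hostport(line[5:])
        # Policy assumed for this sketch: only accept the client's own address.
        if hp is None or hp[0] != client_ip:
            return None
        return ("active", server_ip, hp[0], hp[1])
    if line.startswith("227 "):
        # Passive mode: the server announces where the CLIENT should connect.
        hp = parse_hostport(line[4:])
        if hp is None or hp[0] != server_ip:
            return None
        return ("passive", client_ip, hp[0], hp[1])
    return None


# Constructed sample control-channel lines (documentation address ranges).
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
SAMPLE = [
    "USER anonymous",
    "PORT 192,0,2,10,195,149",
    "227 Entering Passive Mode (198,51,100,5,19,137)",
    "PORT 203,0,113,7,0,22",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(f"{entry!r:55} -> {expected_data_flow(entry, CLIENT, SERVER)}")
```

Protocols such as POP3 or SSH never announce a second endpoint in-band, so a single rule on the service port covers them.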
06-16-2008, 11:42 PM
Andrew Sackville-West
configuration of a linux router
On Mon, Jun 16, 2008 at 04:01:39PM -0700, peasthope@shaw.ca wrote:
> Folk,
>
> At Sun, 23 Mar 2008 20:27:40 -0400 Douglas A. Tutty wrote,
> "... if you want to really understand it use
> shorewall after reading shorewall-doc."
>
> ipmasq works but I want to use shorewall.
>
> I wonder why rules are needed for FTP but not
> for POP3. In fact, a rule for POP3 produces a
> complaint about "... unknown protocol 'pop3' ...".
that does not mean that a rule for POP3 is not needed. I don't
remember if shorewall is case sensitive, but I bet it is in the
context of defining a rule. maybe post the actual config line that
produces the error?
A
06-17-2008, 01:33 AM
configuration of a linux router
Paul & others,
At Mon, 16 Jun 2008 16:33:50 -0700 Paul Johnson wrote,
"... the FTP server connects to the client: Two
connections are maintained ..."
As I am aware, ssh uses only one connection but it
also gets ACCEPT rules. So I still don't understand why
some protocols, dns, ftp and ssh, need rules in
/etc/shorewall/rules while other protocols, pop,
smtp and http, do not. Does shorewall accept
the latter protocols by default? Seems contrary
to reason.
06-22-2008, 03:18 PM
configuration of a linux router
Andrew & others,
At Date: Mon, 16 Jun 2008 16:42:41 -0700 A.S-W. wrote,
"that does not mean that a rule for POP3 is not needed. I don't
remember if shorewall is case sensitive, but I bet it is in the
context of defining a rule. maybe post the actual config line that
produces the error?"
My /etc/shorewall/rules, with the offending rules for POP3
commented out, is now visible.
http://carnot.pathology.ubc.ca/rules
The report from shorewall.
http://carnot.pathology.ubc.ca/ShorewallReport
Equally peculiar: while the rule for SMTP is commented
out, a message can be sent from loc _via_ SMTP.