Dear all,
Dear support and users:
Sorry to trouble you! I configured the Shorewall firewall to forward the FTP and SSH ports to another server, but it failed. Can you help me check?
I cannot log in to either SSH on port 2222 or FTP!
Below is my environment: (attachment is shorewall dump)
1. Gateway (FC6)
1.1) eth0: LAN static IP: 192.168.1.20
1.2) eth1: external public static IP: 113.89.142.80
1.3) Shorewall-3.2.8 is running
2. FTP server (CentOS 6.3, iptables and SELinux are off)
2.1) eth0: LAN static IP: 192.168.1.231
2.2) SSH port 22 and FTP ports 20, 21 are already open (tested)
2.3) vsftp.conf: default settings; it works for internal users
3. I want to forward Internet FTP and SSH access to the FTP server:
3.1) 113.89.142.80:20 -> 192.168.1.231:20 udp (FTP)
3.2) 113.89.142.80:21 -> 192.168.1.231:21 tcp (FTP)
3.3) 113.89.142.80:2222 -> 192.168.1.231:22 tcp (SSH)
4. Shorewall settings:
4.1 interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net eth1 113.89.142.255 norfc1918,arp_filter
lan eth0 detect arp_filter
ovpn tun0 -
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
4.2 zones
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv4
lan ipv4
ovpn ipv4
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS ONE -- DO NOT REMOVE
4.3 policy
#SOURCE DEST POLICY LOG LIMIT:BURST
# LEVEL
fw all ACCEPT
lan net ACCEPT
lan fw ACCEPT
lan ovpn ACCEPT
ovpn lan ACCEPT
net all DROP
all all REJECT
#LAST LINE -- DO NOT REMOVE
4.4 rules
#SECTION RELATED
SECTION NEW
ACCEPT all fw tcp ftp   <<< it works for local FTP service (tested)
ACCEPT all fw udp ftp   <<< it works for local FTP service
ACCEPT all fw tcp 2222
ACCEPT all fw tcp ssh,domain
Ping/ACCEPT net fw
ACCEPT all fw tcp 5222
ACCEPT all fw udp 5222
ACCEPT:info all $FW tcp 22
DNAT net lan:192.168.1.231 tcp 21
DNAT net lan:192.168.1.231 udp 20
DNAT net lan:192.168.1.231:22 tcp 2222
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
5. # cat /proc/sys/net/ipv4/ip_forward
1
6. more /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_conntrack_netbios_ns ip_nat_ftp ip_conntrack_ftp"
7. net_dnat chain (from the attached shorewall dump):
Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
3 156 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 to:192.168.1.231
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:20 to:192.168.1.231
5 260 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 to:192.168.1.231:22
Do you know what's wrong?
Thanks and best regards!
Muiz
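The following is an added example, not part of the original post or of Shorewall itself. It reproduces the three DNAT lines from the post as constructed input and runs a small awk check over them: FTP control (21) and active-mode data (20) are both TCP, so a `udp 20` DNAT can never match (the 0-packet counter in net_dnat above reflects this). The corrected set also forwards a passive-mode port range; the range 50000:50100 is an assumption and must match `pasv_min_port`/`pasv_max_port` in vsftpd's configuration on 192.168.1.231.

```shell
#!/bin/sh
# Added example (not from the original post). Checks Shorewall 3.x rules-file
# lines of the form: ACTION SOURCE DEST PROTO DEST_PORT(S).

# The poster's DNAT lines, reproduced here as constructed input.
ORIGINAL_RULES='DNAT net lan:192.168.1.231 tcp 21
DNAT net lan:192.168.1.231 udp 20
DNAT net lan:192.168.1.231:22 tcp 2222'

# Corrected lines. FTP is TCP-only; the passive range 50000:50100 is an
# assumption and must equal vsftpd's pasv_min_port/pasv_max_port so PASV
# data connections are forwarded even if the ftp conntrack helper is absent.
CORRECTED_RULES='DNAT net lan:192.168.1.231 tcp 21
DNAT net lan:192.168.1.231 tcp 20
DNAT net lan:192.168.1.231 tcp 50000:50100
DNAT net lan:192.168.1.231:22 tcp 2222'

# lint_dnat_rules RULES_TEXT
# Prints every DNAT rule that forwards an FTP port over UDP and returns 1 if
# any such rule exists; returns 0 when none is found.
lint_dnat_rules() {
    printf '%s\n' "$1" | awk '
        $1 == "DNAT" && $4 == "udp" && ($5 == "20" || $5 == "21" || $5 == "ftp") {
            print "FTP is TCP; this rule never matches: " $0
            bad++
        }
        END { exit (bad > 0) }'
}

# count_dnat_rules RULES_TEXT
# Prints the number of DNAT lines, to confirm nothing was dropped when editing.
count_dnat_rules() {
    printf '%s\n' "$1" | awk '$1 == "DNAT" { n++ } END { print n + 0 }'
}

# Stand-alone demonstration: the original set fails the check, the corrected
# set passes it.
lint_dnat_rules "$ORIGINAL_RULES" || echo "original rules need fixing"
lint_dnat_rules "$CORRECTED_RULES" && echo "corrected rules: ok ($(count_dnat_rules "$CORRECTED_RULES") DNAT lines)"
```

Two further checks that go with this: on the gateway, `shorewall show nat` shows whether the corrected rules are in the nat table and whether their counters increase on a connection from outside, and `lsmod | grep -E 'conntrack_ftp|nat_ftp'` shows whether the FTP helpers are actually loaded (`/etc/sysconfig/iptables-config` is read by the Red Hat iptables init script, not by Shorewall, which loads helpers from `/etc/shorewall/modules`). On the FTP server, `ip route show default` must point at 192.168.1.20; a DNATed SYN that is counted in net_dnat (the 5 packets for port 2222) but whose reply leaves via another gateway will never complete the handshake.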