From: Fog_Watch <db...@ex...> - 2010-06-04 04:43:26
Hello

With the following in my tcrules I can log in to my ftp site:

####################################################################
#MARK   SOURCE  DEST        PROTO   DEST     SOURCE   USER   TEST   LENGTH   TOS   CONNBYTES   HELPER
#                                   PORT(S)  PORT(S)
3       $FW     0.0.0.0/0   tcp     21

But I cannot ls or get. Of course I need more than just a control connection. So I try the following in my tcrules:

####################################################################
#MARK   SOURCE  DEST        PROTO   DEST     SOURCE   USER   TEST   LENGTH   TOS   CONNBYTES   HELPER
#                                   PORT(S)  PORT(S)
3       $FW     0.0.0.0/0   -       -        -        -      -      -        -     -           ftp

Which does not work at all. A shorewall iptrace reveals that with the above tcrules (with the helper) packets are not marked.

So, um, how should I be using my ftp helper to mark packets?

Regards

Fog_Watch.

# lsmod | grep ftp
nf_nat_tftp             1301  0
nf_nat_ftp              2267  0
nf_conntrack_tftp       3810  1 nf_nat_tftp
nf_conntrack_ftp        6177  1 nf_nat_ftp
nf_nat                 14504  7 nf_nat_sip,ipt_REDIRECT,ipt_NETMAP,ipt_MASQUERADE,nf_nat_tftp,nf_nat_ftp,iptable_nat
nf_conntrack           52369  21 nf_nat_sip,xt_connlimit,ipt_MASQUERADE,ipt_CLUSTERIP,nf_nat_tftp,nf_nat_snmp_basic,nf_nat_ftp,nf_conntrack_sane,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_proto_sctp,nf_conntrack_netlink,nf_conntrack_ftp,xt_helper,xt_conntrack,xt_CONNMARK,xt_connmark,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4