Quoting Oswald Buddenhagen <[EMAIL PROTECTED]>:

> > Quick question as I haven't really used ipmasq that much. What ipchains
> > rules would I add in order to have an ftpd running on port 5510 on 10.1.1.5
> > accessible from outside the internal network. I realize I have to forward
> > both 5510 and 5509 but I'm not sure how to go about it.
>
> i don't know, if there are ways around it, but the masquerading-howto
> clearly states, that it is basically impossible to access hosts on the
> inner network from outside. masq-ing allows only outgoing connections.

IPMASQADM has a PORTFW "module" available. These are the commands I'm using
to forward ftp to an internal ftp server. The FTP-DATA works typically in
reverse direction of the control connection.

/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.17.57.58 21 -R 10.1.1.3 21
/sbin/ipchains -A input -j ACCEPT -i eth1 -s 24.17.57.58 -l -p tcp -d 0.0.0.0/0 21

It works well for me, but of course I'm not using ftp on a different port.

-- 
John Kramer
[EMAIL PROTECTED]

