Alright, I now have a problem that I can't understand. I'm running 2.4.0-t7 with the netfilter package. My firewall is forwarding my FTP connections on port 2345 on into my masq'd FTP server running on a high port (5500).

Most people are able to access my FTP through the firewall with no problems, but some are having nothing but problems. After a little investigation I have found that the people who are having problems are users who themselves are masq'd behind whichever type of connection they have. In theory I believe that this should have no bearing on the connection, because that is what NAT is designed to accomplish, but these people are not able to establish a data connection at all. Now I have instructed them to try both PASV and no PASV, with still no results. Does anyone have any ideas on how to fix this?

Now my setup is fairly straightforward. I got a firewall listening on port 2345 which forwards to port 5500 on a separate masq'd box. I'm using a prerouting rule for that:

    # FTP traffic on into internal hosts
    echo " - Forwarding all FTP traffic on $EXTIP1 to $SSERV02"
    /sbin/iptables -t nat -A PREROUTING -p tcp -d $EXTIP1 --dport 2345 -j DNAT --to $PORTFWIP1:5500

Then later I specify that the host has NAT access with a postrouting rule:

    echo " - Allowing Secured Server $PORTFWIP1 SNAT Support"
    /sbin/iptables -t nat -A POSTROUTING -o $EXTIF -s $PORTFWIP1 -j SNAT --to $EXTIP1

That's about it. I am thoroughly confused, b/c most users can connect and ul/dl just fine, but the users who themselves are using some form of NAT can connect, but they are unable to establish a data connection.

Thanks,
Mike

