On Sun, 19 Apr 2009 14:02:38 -0400 "D.H." <[email protected]> wrote:
> I'd like to set up an ftp proxy on my home firewall so I can scan for
> viruses using clamd. I found frox, which looks like it will do what
> I want. I've pretty much used the default install which makes frox
> listen on 127.0.0.1:2121. But I'm not sure the firewall rules are
> working right.
>
> eth1 is the internal interface
>
> iptables -A FORWARD -p tcp -i eth1 --destination-port 2121 \
>     --destination 127.0.0.1 -j ACCEPT
>
> iptables -t nat -A PREROUTING -p tcp -i eth1 --destination-port 21 \
>     -j DNAT --to-destination 127.0.0.1:2121
>
> Either that, or frox itself is having issues. Any ideas? While I'm
> at it, is there an alternative to frox?

Hi,

I believe this schema won't work because the "DNAT" target rewrites the destination address in the IP packet headers. Therefore what frox receives is a sequence of packets with destination set to its own address.

Try using the "REDIRECT" target, which is supposed to rewrite the port fields only.

--
Best regards,
Daniel
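As an added example (not code from the thread), the two rule sets side by side as a reviewable shell script: the DNAT/FORWARD pair from the question and the REDIRECT/INPUT pair Daniel suggests. The interface name, proxy port and the dry-run wrapper are assumptions for illustration; the comments also carry the caveat that REDIRECT delivers to the incoming interface's own address, so frox must not be bound only to 127.0.0.1.

```shell
#!/bin/sh
# Added example, not from the thread: DNAT vs REDIRECT for a transparent
# FTP proxy (frox). LAN_IF, PROXY_PORT and the dry-run wrapper are assumptions.
set -eu

LAN_IF="${LAN_IF:-eth1}"            # internal interface, as in the question
PROXY_PORT="${PROXY_PORT:-2121}"    # frox's default listening port

# With DRY_RUN=1 the rules are printed instead of applied, so the set can be
# reviewed on a host without iptables or root.
ipt() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf 'iptables %s\n' "$*"
  else
    iptables "$@"
  fi
}

# What the original post tried. DNAT to 127.0.0.1 puts a loopback destination
# on a packet that arrived on eth1; the kernel treats that as a martian and
# drops it. The FORWARD rule could never match anyway: a packet destined to
# the box itself takes the INPUT path, not FORWARD.
frox_rules_dnat() {
  ipt -t nat -A PREROUTING -p tcp -i "$LAN_IF" --dport 21 \
      -j DNAT --to-destination "127.0.0.1:$PROXY_PORT"
  ipt -A FORWARD -p tcp -i "$LAN_IF" --dport "$PROXY_PORT" \
      -d 127.0.0.1 -j ACCEPT
}

# The suggested fix. REDIRECT changes only the port and points the packet at
# the primary address of the interface it came in on, so it is delivered
# locally. Matching on -i keeps both the redirect and the INPUT accept limited
# to LAN clients; nothing on the external side can reach the proxy port.
# Caveat: frox must then listen on eth1's address (or all addresses), not
# only on 127.0.0.1 as the default install in the question does.
frox_rules_redirect() {
  ipt -t nat -A PREROUTING -p tcp -i "$LAN_IF" --dport 21 \
      -j REDIRECT --to-ports "$PROXY_PORT"
  ipt -A INPUT -p tcp -i "$LAN_IF" --dport "$PROXY_PORT" -j ACCEPT
}

# DRY_RUN=1 sh frox-redirect.sh redirect   prints the fixed rules;
# sh frox-redirect.sh redirect             applies them (as root).
case "${1:-}" in
  dnat)     frox_rules_dnat ;;
  redirect) frox_rules_redirect ;;
esac
```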