On 1/25/06, Nosferatu!!! <[EMAIL PROTECTED]> wrote: > > On Wed, Jan 25, 2006 at 09:17:18AM +0530, Abhishek Sawant wrote: > > On 1/24/06, Rajendra Rait <[EMAIL PROTECTED]> wrote: > > > > > > I tried this command it didn't work > > > > > > iptables -t nat -A PREROUTING -p tcp -d <external ip> --dport 21 -j > DNAT > > > --to <internal-ip>:21 > > > iptables -t nat -A PREROUTING -p tcp -d <external ip> --dport 20 -j > DNAT > > > --to <internal-ip>:20 > > > > > > > What do you mean that it didnt work ? > > what you tried ? > > what error you got ? > > what you did to check if its working or not ? > > Easy boy, he is trying. > > > have you refered man page of iptables ? > > I'm sure he has, what you both don't seem to understand is the FTP > protocol. Its not a simple protocol like HTTP or SMTP which you can > easily redirect and get away with. Even if one uses passive mode FTP, > the data connection port is decided by the FTP server. I don't know if > "ip_nat_ftp" and "ip_conntrack_ftp" will work. I have only tried it for > making FTP clients operate without barfing behind a NAT router. I'm sure > it can be done the other way round as well, I guess. What I definitely > have tried is `jftpgw' and it worked like a charm allowing FTP > forwarding in both directions i.e., LAN->NAT->Internet as well as > LAN<-NAT<-Internet. > > Nosferatu!!! > > -- > > An anthropologist at Tulane has just come back from a field trip to New > Guinea with reports of a tribe so primitive that they have Tide but not > new Tide with lemon-fresh Borax. > -- David Letterman > > > > Visit http://www.google.com/search?q=failure > > -- > http://mm.ilug-bom.org.in/mailman/listinfo/linuxers >
you raised valid point about "ip_nat_ftp" and "ip_conntrack_ftp" kernel modules. with these two even behind natted firewall passive ftp works fine. but atleast some one must get logged in without those modules and then cry for connect: Connection Refuse -- ------------------------------------------------------------------------------- AbhiSawa -- http://mm.ilug-bom.org.in/mailman/listinfo/linuxers
