Nosferatu!!! wrote:
On Wed, Jan 25, 2006 at 09:17:18AM +0530, Abhishek Sawant wrote:

On 1/24/06, Rajendra Rait <[EMAIL PROTECTED]> wrote:

I tried these commands; they didn't work:

iptables -t nat -A PREROUTING -p tcp -d <external ip> --dport 21 -j DNAT --to <internal-ip>:21
iptables -t nat -A PREROUTING -p tcp -d <external ip> --dport 20 -j DNAT --to <internal-ip>:20


I'm sure he has; what you both don't seem to understand is the FTP
protocol. It's not a simple protocol like HTTP or SMTP which you can
easily redirect and get away with. Even if one uses passive mode FTP,
the data connection port is decided by the FTP server. I don't know if
"ip_nat_ftp" and "ip_conntrack_ftp" will work. I have only tried it for
making FTP clients operate without barfing behind a NAT router. I'm sure
it can be done the other way round as well, I guess. What I definitely
have tried is `jftpgw', and it worked like a charm, allowing FTP
forwarding in both directions, i.e. LAN->NAT->Internet as well as
LAN<-NAT<-Internet.

Nosferatu!!!


In addition to the rules given above, you also have to make your firewall stateful to allow related and established connections. Add keep-state rules for the filter table and the nat table as well.

--
Manish

--
http://mm.ilug-bom.org.in/mailman/listinfo/linuxers
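The rule set the thread is circling around, written out as an added example (not from any poster in the thread): the DNAT on the control port, the stateful FORWARD rules Manish asks for, and the kernel FTP helper that makes the negotiated data connection show up as RELATED. Two things the posted rules miss: the DNAT on port 20 does nothing useful, because the data port is carried inside the control session (PORT, or the 227 reply to PASV) and only the helper can see and rewrite it; and on current kernels the helper is no longer attached automatically, so it has to be assigned explicitly with the CT target in the raw table. Module names are the modern nf_conntrack_ftp / nf_nat_ftp rather than the 2.4/2.6-era ip_conntrack_ftp / ip_nat_ftp. Addresses and interface names are placeholders, and the FTP server is assumed to route its replies back through this NAT box.

```shell
#!/bin/sh
# Added example, not from the thread: forward FTP (control port 21) through an
# iptables NAT box to an internal server, with stateful FORWARD rules and the
# kernel FTP helper tracking the negotiated data connection. Modern kernels
# name the helpers nf_conntrack_ftp / nf_nat_ftp (ip_conntrack_ftp / ip_nat_ftp
# on the kernels the thread refers to). Addresses and interfaces are
# placeholders; the FTP server must route its replies back via this box.

EXT_IP="${EXT_IP:-203.0.113.10}"   # public address of the NAT box (placeholder)
INT_IP="${INT_IP:-192.168.1.20}"   # LAN address of the FTP server (placeholder)
WAN_IF="${WAN_IF:-eth0}"           # Internet-facing interface (placeholder)
LAN_IF="${LAN_IF:-eth1}"           # LAN-facing interface (placeholder)

# Print the commands that install the rule set. There is deliberately no DNAT
# for port 20: the data port is negotiated inside the control session, so only
# the helper can know it, and the helper's expectation admits it as RELATED.
ftp_forward_rules() {
    cat <<EOF
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
iptables -t raw -A PREROUTING -i $WAN_IF -p tcp -d $EXT_IP --dport 21 -j CT --helper ftp
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -d $EXT_IP --dport 21 -j DNAT --to-destination $INT_IP:21
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $INT_IP --dport 21 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Rule order matters: the raw-table CT rule attaches the helper before
# conntrack sees the flow, the nat-table DNAT rewrites the destination, and the
# FORWARD chain then admits the new control connection plus anything the helper
# marks RELATED (the data connection, whichever side opens it).

# Show the rules by default; run with "apply" (as root) to install them.
if [ "${1:-}" = "apply" ]; then
    ftp_forward_rules | sh -e
else
    ftp_forward_rules
fi
```

To check that the helper is really doing its job after applying, have an Internet-side client log in and issue PASV, then look at `/proc/net/nf_conntrack_expect` (or `conntrack -L expect` from conntrack-tools): an expectation for the announced data port should appear, and the 227 reply seen by the client should carry the external address, not the LAN one. If no expectation shows up, the CT rule is not matching the control connection and the data transfer will hang exactly as reported above.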