On Mon, 2011-03-07 at 19:12 -0500, robert mckennon wrote:

> The ssh stuff is working, I can only ssh to the box from the private network,

Ok

> but if I try and ftp to the external adx (173.165.202.120) it times
> out. (give it a try)

Well all your iptables rules are to a different address, bit confused there. I assume you have something mapping the above address to the other specified in the iptables rules. Maybe you have the wrong destination address in the rules? You wanted 173.165.202.12 instead of 10.11.248.119. Also you might want PAT vs NAT.

iptables -t nat -A PREROUTING -i eth1 -d 173.165.202.120 -p TCP --dport 20:21 -j DNAT --to 10.11.248.119
iptables -t nat -A POSTROUTING -o eth1 -s 10.11.248.119 -j SNAT --to 173.165.202.120

FYI your nat rule is using the wrong interface, it's using eth0, which is lan. You want to NAT lan to wan, so that would be eth1. NAT anything coming from lan/eth0, to wan/eth1 address. But that nat rule will let any machine masquerade, not just the FTP server. Also doesn't handle inbound translations, just outbound. You need the first rule above for inbound PAT/NAT. The outbound can be done either way. I just like to specify what LAN IP maps to what public/WAN IP. If you're dealing with an IP block will probably want that. Or to prevent machines you don't want from being able to reach the outside world.

--
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com
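Added here as an illustration, not something posted in the thread: a small Python audit that reads iptables-save style nat rules and flags the two problems William points out, an outbound SNAT/MASQUERADE rule bound to the LAN interface and one with no -s restriction so any LAN host can masquerade, plus a DNAT rule not bound to the WAN interface and public address. The interface names and addresses are the ones from the thread; the rule text is constructed.

```python
"""Audit iptables NAT rules for the mistakes discussed in the thread."""

# Constructed iptables-save style nat table: the first POSTROUTING rule is the
# original (eth0, no -s); the DNAT/SNAT pair is the corrected version.
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth1 -d 173.165.202.120/32 -p tcp -m tcp --dport 20:21 -j DNAT --to-destination 10.11.248.119
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -s 10.11.248.119/32 -j SNAT --to-source 173.165.202.120
COMMIT
"""

# Option flag -> field name; only the fields the audit needs are kept.
FLAGS = {"-i": "in_if", "-o": "out_if", "-s": "src", "-d": "dst", "-j": "target"}


def parse_rules(text):
    """Turn '-A CHAIN ...' lines into dicts; CIDR suffixes are dropped."""
    rules = []
    for line in text.splitlines():
        if not line.startswith("-A "):
            continue
        tokens = line.split()
        rule = {"chain": tokens[1], "raw": line}
        for i, tok in enumerate(tokens[:-1]):
            if tok in FLAGS:
                rule[FLAGS[tok]] = tokens[i + 1].split("/")[0]
        rules.append(rule)
    return rules


def audit_nat(text, lan_if="eth0", wan_if="eth1", public_ip="173.165.202.120"):
    """Return one finding string per suspicious rule (empty list if clean)."""
    findings = []
    for r in parse_rules(text):
        if r["chain"] == "POSTROUTING" and r.get("target") in ("SNAT", "MASQUERADE"):
            if r.get("out_if") == lan_if:
                findings.append("wrong interface (LAN side %s): %s" % (lan_if, r["raw"]))
            if "src" not in r:
                findings.append("no -s restriction, any host can masquerade: %s" % r["raw"])
        elif r["chain"] == "PREROUTING" and r.get("target") == "DNAT":
            if r.get("in_if") != wan_if or r.get("dst") != public_ip:
                findings.append("DNAT not bound to %s/%s: %s" % (wan_if, public_ip, r["raw"]))
    return findings


if __name__ == "__main__":
    for finding in audit_nat(SAMPLE_RULES):
        print(finding)
```

Feed it the output of `iptables-save -t nat` to check a live box; the corrected DNAT/SNAT pair produces no findings.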

