Title: RE: NAT machines cant do 'dir' after connecting to FTP

you need to do modprobe ip_nat_ftp


-----Original Message-----
From:   Neil Aggarwal [mailto:[EMAIL PROTECTED]]
Sent:   Mon 3/06/2002 17:30
To:     netfilter
Cc:    
Subject:        NAT machines cant do 'dir' after connecting to FTP
Hello:

I have this setup:
        Internet --- Linux Server --- Switch --- Internal Machines

The Linux server has a set of public IP addresses, let's
say 11.22.33.44 thru 11.22.33.99.  These are mapped
using NAT to the internal machines running static IP
addresses of 192.168.1.44 thru 192.168.1.99.

I can ftp from an internal machine and connect to an
external server.  I can give it a user name and password
and login successfully, but when I try to type dir or
ls, the ftp client sits for a long time
and then I get a message:
 425 Not able to open data connection.

Here are the commands that I used:
        # Load the conntrack ftp module
        /sbin/modprobe ip_conntrack_ftp

        # Flush any existing rules
        /sbin/iptables -F
        /sbin/iptables -t nat -F

        # Set the default policies to ACCEPT all packets
        /sbin/iptables -P INPUT ACCEPT
        /sbin/iptables -P OUTPUT ACCEPT
        /sbin/iptables -P FORWARD ACCEPT
        /sbin/iptables -t nat -P PREROUTING ACCEPT
        /sbin/iptables -t nat -P POSTROUTING ACCEPT

        # Turn on forwarding
        echo "1" > /proc/sys/net/ipv4/ip_forward

        # Set-up routing to allow NAT of the internal machines (I did these
        # three commands for each of the internal machines)
        /sbin/ifconfig eth0:n 11.22.33.n netmask $NETMASK broadcast $BCAST
        /sbin/iptables -t nat -A PREROUTING -d 11.22.33.n -j DNAT --to 192.168.1.n
        /sbin/iptables -t nat -A POSTROUTING -s 192.168.1.n -j SNAT --to 11.22.33.n

Any ideas??

Thanks,
        Neil.

--
Neil Aggarwal
JAMM Consulting, Inc.    (972) 612-6056, http://www.JAMMConsulting.com
Custom Internet Development    Websites, Ecommerce, Java, databases
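
Why loading ip_nat_ftp resolves the 425 error, as an added example that is not part of the thread: a simplified Python model (not the kernel module's code) of how the PORT command on the FTP control channel crosses the SNAT box with and without the NAT helper. The sample PORT line, the choice of n = 44, the client port and all function names are constructed for illustration, and the model assumes the helper keeps the client's port number.

```python
import ipaddress
import re

# Active-mode FTP: the client tells the server where to open the data
# connection with "PORT h1,h2,h3,h4,p1,p2" on the control channel.
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

# Constructed sample: what the client at 192.168.1.44 sends before "dir".
SAMPLE = b"PORT 192,168,1,44,4,3\r\n"
# SNAT mapping from the original message, with n = 44 (assumed).
SNAT_MAP = {"192.168.1.44": "11.22.33.44"}


def parse_port(line):
    """Return (ip, port) from a PORT command, or None for anything else."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def forward_control_line(line, snat_map, nat_helper_loaded):
    """Model what leaves the NAT box for one control-channel line.

    SNAT alone rewrites only the IP header, so the payload is untouched.
    With the helper, the address inside the PORT payload is replaced too.
    Returns (forwarded_line, length_delta); a non-zero delta is why the
    real helper also has to adjust TCP sequence numbers.
    """
    parsed = parse_port(line)
    if not nat_helper_loaded or parsed is None or parsed[0] not in snat_map:
        return line, 0
    ip, port = parsed
    public = snat_map[ip].replace(".", ",")
    new = b"PORT %s,%d,%d\r\n" % (public.encode(), port >> 8, port & 0xFF)
    return new, len(new) - len(line)


def server_can_connect_back(line):
    """True if the address advertised in a PORT line is publicly routable."""
    parsed = parse_port(line)
    return parsed is not None and not ipaddress.ip_address(parsed[0]).is_private
```

Without the helper the external server is told to connect to 192.168.1.44, which it cannot route to, so the data connection for dir or ls never opens.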



