[rlug] Re: ftp dnat

Wed, 29 Oct 2003 04:49:18 -0800 

Daniel Pavel wrote:

>Laurentiu STEFAN wrote:
>
>  
>
>>Cata vreme ai DNAT, daca e configurat bine... nu au cum sa ramana pachetele
>>acolo...
>>Asta dupa parerea mea... :D
>>    
>>
>
>Si ce inseamna configurat bine?  Sunt cam incepator la capitolul iptables.
>
>Regulile pe care le aplic acum sunt:
>
>iptables -t nat -A PREROUTING -d firewall -p TCP --dport ftp -j DNAT 
>--to internal_ftp
>iptables -t nat -A PREROUTING -d firewall -p TCP --dport 2121 -j DNAT 
>--to internal_ftp
>
>Adica folosesc doar 2121 ca port de date.
>
>Din cate am inteles, ip_conntrack_ftp si ip_nat_ftp ar trebui sa ma 
>scuteasca de a doua regula.  But it doesn't work.
>
>What am I doing wrong?
>  
>
Probabil filtrezi in chain-ul FORWARD. Insereaza regula asta ca prima 
regula :
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT



--- 
Detalii despre listele noastre de mail: http://www.lug.ro/

Raspunde prin e-mail lui