From: "Test Mail" <testmail@peterpaul.com.ph>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: FTP Forwarding
Date: Fri, 14 Jan 2005 16:57:02 +0800
Message-ID: <001301c4fa17$03de2b20$0200a8c0@etpi>
In-Reply-To: 1104255053.7318.28.camel@hubcap.ljm.dom

Hi! Can I have a follow-up question regarding an FTP server inside an internal LAN
which can be seen on the Internet...
Now, what if the scenario is that I want to restrict a specific public IP address
in using my FTP? What will be the rules that I should apply?

I was thinking of setting up a rule that will filter incoming public IP
address requests for FTP before it forwards them into my internal FTP server.

Below is the sample entry in my iptables:
iptables -t filter -A INPUT -p tcp -s $PublicIPAdd --dport 20:21 -j ACCEPT   <--- is this correct?
iptables -t filter -A INPUT -j DROP

Below is the previous solution that you gave.

modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

 iptables -t nat -A PREROUTING -i $EXT_IF -p tcp -d 202.147.167.99 \
   --dport 21 -j DNAT --to-destination 192.168.0.5

 iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp --syn -d 192.168.0.5 \
   --dport 21 -j ACCEPT

 the above assumes you have a rule in FORWARD that accepts established
 packets, such as:

 iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

 hth...

 -j

Thanks in advance!
Milo

----- Original Message -----
From: "Jason Opperisano" <opie@817west.com>
To: <netfilter@lists.netfilter.org>
Sent: Wednesday, December 29, 2004 01:30 AM
Subject: Re: FTP Forwarding


> On Tue, 2004-12-28 at 12:19, umar draz wrote:
> > Hi Dear Members!
> >
> >   I have a Linux machine which is configured as a router.
> >
> >   My Linux router has 2 NICs: one with public IP 202.147.167.99 and the
> >   other with local IP 192.168.0.1.
> >   I have another Linux machine which is configured as an FTP server, and
> >   that machine's IP is 192.168.0.5. Now I want this FTP server to be
> >   accessible to the whole world. So what kind of iptables rules should be
> >   added on the Linux router so that if someone wants to access ftp
> >   202.147.167.99, it is automatically forwarded or redirected to my local
> >   machine 192.168.0.5?
> >
> >  Please help me in this regard
> >
> > Thanks
> >
> > Umar
>
> modprobe ip_conntrack_ftp
> modprobe ip_nat_ftp
>
> iptables -t nat -A PREROUTING -i $EXT_IF -p tcp -d 202.147.167.99 \
>   --dport 21 -j DNAT --to-destination 192.168.0.5
>
> iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp --syn -d 192.168.0.5 \
>   --dport 21 -j ACCEPT
>
> the above assumes you have a rule in FORWARD that accepts established
> packets, such as:
>
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> hth...
>
> -j
>
> --
> "Well, I'm tired of being a wannabe league bowler. I wanna be a
>  league bowler!"
> --The Simpsons
>
>
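
An added example, not part of the original message or of any reply in the thread: the DNAT rule in the quoted reply rewrites the destination before routing, so forwarded FTP traffic traverses FORWARD rather than INPUT, and a per-source restriction is matched there with `-s`. The names `RUN` and `ftp_forward_rules`, the interfaces eth0/eth1 and the source 203.0.113.7 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: RUN, ftp_forward_rules.
# RUN=echo (the default) prints the rules; set RUN= (empty) as root to apply them.
RUN="${RUN-echo}"

# ftp_forward_rules MODE SRC EXT_IF INT_IF PUBLIC_IP FTP_SERVER
#   MODE=block: refuse SRC, admit every other client
#   MODE=only : admit SRC, refuse every other client
# Assumes the rules are appended to an empty FORWARD chain; rule order matters.
ftp_forward_rules() {
    mode=$1; src=$2; ext_if=$3; int_if=$4; public_ip=$5; server=$6
    case $mode in block|only) ;; *) echo "MODE must be block or only" >&2; return 2 ;; esac
    # Accept only a plain IPv4 address or CIDR as the source.
    case $src in ''|*[!0-9./]*) echo "bad source: $src" >&2; return 2 ;; esac

    # Helper modules and DNAT exactly as in the quoted reply.
    $RUN modprobe ip_conntrack_ftp
    $RUN modprobe ip_nat_ftp
    $RUN iptables -t nat -A PREROUTING -i "$ext_if" -p tcp -d "$public_ip" \
        --dport 21 -j DNAT --to-destination "$server"

    # After DNAT the packet is routed to $server, so it traverses FORWARD,
    # not INPUT; its source address is unchanged and can be matched with -s.
    if [ "$mode" = block ]; then
        # Drop first, so an existing control connection from SRC is cut too.
        $RUN iptables -A FORWARD -i "$ext_if" -o "$int_if" -p tcp -s "$src" \
            -d "$server" --dport 21 -j DROP
    fi
    # Replies and the FTP data connections tracked by the helper.
    $RUN iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    if [ "$mode" = block ]; then
        $RUN iptables -A FORWARD -i "$ext_if" -o "$int_if" -p tcp --syn \
            -d "$server" --dport 21 -j ACCEPT
    else
        $RUN iptables -A FORWARD -i "$ext_if" -o "$int_if" -p tcp --syn \
            -s "$src" -d "$server" --dport 21 -j ACCEPT
        $RUN iptables -A FORWARD -i "$ext_if" -o "$int_if" -p tcp \
            -d "$server" --dport 21 -j DROP
    fi
}

# Constructed sample: 203.0.113.7 is a documentation address, eth0/eth1 assumed.
ftp_forward_rules block 203.0.113.7 eth0 eth1 202.147.167.99 192.168.0.5
```

Traffic to other ports is still decided by the FORWARD chain policy and any rules already present, which this example does not touch.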


