From: "Travis Crook" <travis@visionsbeyond.com>
To: netfilter@lists.samba.org
Subject: ftp forward to internal machine
Date: Tue, 4 Jun 2002 16:00:13 -0600 [thread overview]
Message-ID: <009201c20c13$347b4140$6702a8c0@mindtrip.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 958 bytes --]
Hello everyone,
I have a firewall configured to forward port 80 traffic to an internal machine. I was wondering if the same thing is possible with ftp traffic. The rules I am using are as follows:
iptables -A PREROUTING -t nat -i EXTINF -p tcp -d 1.2.3.4 --dport 21 -j DNAT --to 192.168.2.5:21
iptables -A FORWARD -i EXTINF -p tcp -d 192.168.2.5 --dport 21 ACCEPT
iptables -A FORWARD -i EXTINF -o INTIF -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i EXTINF -p tcp --dport 21 -d 1.2.3.4 -j DNAT --to-destination 192.168.2.5:21
iptables -t nat -A POSTROUTING -o INTIF -p tcp --dport 21 -d 192.168.2.5 -j SNAT --to-source 192.168.2.254
I can connect to the ftp server but then I cannot establish a data channel between the client and the server.
Any help would be appreciated. If you want to see output of anything I can include it.
Thanks
Travis Crook
Visions Beyond
[-- Attachment #2: Type: text/html, Size: 1558 bytes --]
next reply other threads:[~2002-06-04 22:00 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-06-04 22:00 Travis Crook [this message]
2002-06-04 22:12 ` ftp forward to internal machine Antony Stone
2002-06-04 22:17 ` Travis Crook
2002-06-04 22:26 ` Antony Stone
2002-06-04 22:29 ` Travis Crook
-- strict thread matches above, loose matches on Subject: below --
2002-06-04 22:23 Omar Castaneda Acosta
2002-06-04 22:24 Omar Castaneda Acosta
2002-06-04 22:29 ` Antony Stone
2002-06-04 22:32 ` Tom Eastep
2002-06-04 22:38 ` Antony Stone
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='009201c20c13$347b4140$6702a8c0@mindtrip.com' \
--to=travis@visionsbeyond.com \
--cc=netfilter@lists.samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.