From mboxrd@z Thu Jan 1 00:00:00 1970
From: Francisco André Barbosa Neto
Subject: NAT Problems FTP (maybe a newbie question)
Date: Wed, 19 Nov 2003 22:11:39 -0200
Message-ID: <002201c3aefa$df26b9e0$0af2d3c8@admin1>
To: netfilter@lists.netfilter.org

Hi all, I've installed Slackware 9.1 on 2 different PCs, at 2 different clients. These machines are doing NAT for the whole internal network. I'm running only the single rule described below, but when any of the client machines tries to connect to any FTP site, the connection is OK, but when the user gives an ls command the server responds 500 illegal command.

I've checked all the modules (one of the machines is running with all the iptables code compiled into the kernel, not as modules) and all is OK.

What could be happening in this case? Could anybody give me a hint?

Thanks!

My entire firewall is:

iptables -F
iptables -t nat -F

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0.0.0.0/0 -j SNAT --to 200.X.X.X

------------------------------------------------------
Francisco André Barbosa Neto
fneto@connecton.com.br
Connect On Internet Provider
http://www.connecton.com.br
Fone: 55-11-4655-2232
------------------------------------------------------

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Antony Stone
Subject: Re: NAT Problems FTP (maybe a newbie question)
Date: Thu, 20 Nov 2003 00:19:29 +0000
Message-ID: <200311200019.hAK0JYj24159@agate.rockstone.co.uk>
References: <002201c3aefa$df26b9e0$0af2d3c8@admin1>
In-Reply-To: <002201c3aefa$df26b9e0$0af2d3c8@admin1>
To: netfilter@lists.netfilter.org

On Thursday 20 November 2003 12:11 am, Francisco André Barbosa Neto wrote:

> Hi all, I've installed Slackware 9.1 on 2 different PCs, at 2 different
> clients. These machines are doing NAT for the whole internal network. I'm
> running only the single rule described below, but when any of the client
> machines tries to connect to any FTP site, the connection is OK, but when the
> user gives an ls command the server responds 500 illegal command.
>
> iptables -F
> iptables -t nat -F
>
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0.0.0.0/0 -j SNAT --to
> 200.X.X.X

I would recommend that you specify the interface which packets are supposed to leave from in the above rule, just to make sure it applies only to traffic going out of your external interface:

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -d 0.0.0.0/0 -j SNAT --to 200.X.X.X

(assuming eth0 is the external interface, with the 200.x.x.x address on it - if not, insert the appropriate interface name instead).

However, to get back to your question regarding why FTP isn't doing what you want, have you compiled support and/or loaded modules for FTP NAT and Connection Tracking?

Antony.

--
In science, one tries to tell people in such a way as to be understood by everyone something that no-one ever knew before. In poetry, it is the exact opposite.
 - Paul Dirac

Please reply to the list; please don't CC me.

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Francisco André Barbosa Neto
Subject: NAT Problems FTP (maybe a newbie question)
Date: Wed, 19 Nov 2003 21:49:30 -0200
Message-ID: <02ea01c3aef7$c6d4dd20$0af2d3c8@admin1>
To: netfilter@lists.netfilter.org

Hi all, I've installed Slackware 9.1 on 2 different PCs, at 2 different clients. These machines are doing NAT for the whole internal network. I'm running only the single rule described below, but when any of the client machines tries to connect to any FTP site, the connection is OK, but when the user gives an ls command the server responds 500 illegal command.

I've checked all the modules (one of the machines is running with all the iptables code compiled into the kernel, not as modules) and all is OK.

What could be happening in this case? Could anybody give me a hint?

Thanks!

My entire firewall is:

iptables -F
iptables -t nat -F

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0.0.0.0/0 -j SNAT --to 200.X.X.X

------------------------------------------------------
Francisco André Barbosa Neto
fneto@connecton.com.br
Connect On Internet Provider
http://www.connecton.com.br
Fone: 55-11-4655-2232
------------------------------------------------------

From mboxrd@z Thu Jan 1 00:00:00 1970
From: skydive
Subject: RE: NAT Problems FTP (maybe a newbie question)
Date: Fri, 21 Nov 2003 13:06:52 +0000
Message-ID: <1069420012.3fbe0dec338d4@paris-hme1>
To: netfilter@lists.netfilter.org
Cc: fneto@connecton.com.br

Hi Francisco:

I once had trouble with FTP, because I was blocking --syn, but fortunately I could figure a way out by using PASV mode on my FTP clients.

If you do not have any firewall rules I cannot imagine what your problem may be since, as you posted, you have no firewalling rules.

I can suggest using masquerading instead of SNAT. Give it a try:

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE

skydive!
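
An added example, not part of any message in this thread: a Python model of why `ls` fails behind a bare SNAT rule and what the FTP NAT and connection-tracking support Antony asks about changes. The client address `192.168.0.10`, the stand-in public address `203.0.113.10` (the thread masks the real one as 200.X.X.X), the server's address-match policy and its reply strings are assumptions.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): the data address and port travel as text
# inside the control connection, where a plain SNAT rule never looks.
PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")


def parse_port(line):
    """Return (ip, port) announced by an FTP PORT command."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range: %r" % line)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]


def server_reply(line, peer_ip):
    """Assumed server policy: refuse a PORT whose address is not the peer's."""
    ip, _port = parse_port(line)
    if ip != ipaddress.IPv4Address(peer_ip):
        return "500 Illegal PORT command."
    return "200 PORT command successful."


def helper_rewrite(line, nat_ip, nat_port):
    """What an FTP NAT helper does: substitute the translated address/port."""
    parse_port(line)  # validate before rewriting
    h = str(ipaddress.IPv4Address(nat_ip)).replace(".", ",")
    return "PORT %s,%d,%d\r\n" % (h, nat_port // 256, nat_port % 256)


# Constructed sample values: an inside client on the thread's 192.168.0.0/24
# network; 203.0.113.10 stands in for the masked 200.X.X.X public address.
CLIENT_LINE = "PORT 192,168,0,10,4,1\r\n"
PUBLIC_IP = "203.0.113.10"

if __name__ == "__main__":
    print(parse_port(CLIENT_LINE))
    print("SNAT only  :", server_reply(CLIENT_LINE, PUBLIC_IP))
    fixed = helper_rewrite(CLIENT_LINE, PUBLIC_IP, 1025)
    print("with helper:", fixed.strip(), "->", server_reply(fixed, PUBLIC_IP))
```

On 2.4 kernels the corresponding helpers are the `ip_conntrack_ftp` and `ip_nat_ftp` modules, or the equivalent built-in kernel options.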