From: mikhalich123 <mikhalich123@gmail.com>
To: netfilter@vger.kernel.org
Subject: FTP behind NAT on a non-standard port
Date: Sun, 31 Jan 2021 19:09:17 +0300
Message-ID: <1158703871.20210131190917@gmail.com>

Hello

Gateway on Debian 7.11 (3.2.0-4-686-pae), iptables v1.4.14.

external interface ip: 1.1.1.1

internal interface ip: 192.168.1.1

An ftp server runs inside the local network, and access to it needs to be provided from the outside.

IP of the ftp server on the internal network: 192.168.1.55

Port of ftp server on internal network: 51

Output of lsmod | grep ftp:

nf_nat_ftp 12420 0
nf_conntrack_ftp 12533 2 nf_nat_ftp
nf_nat 17913 2 iptable_nat, nf_nat_ftp
nf_conntrack 43121 9 nf_conntrack_ipv4, nf_nat, iptable_nat, xt_conntrack, xt_state, nf_conntrack_ftp, nf_nat_ftp, xt_CT, nf_conntrack_netlink

It doesn't work like this:

iptables -t raw -A PREROUTING --dst 1.1.1.1 -p tcp --dport 55555 -j CT --helper ftp
iptables -t nat -A PREROUTING -i ext --dst 1.1.1.1 -p tcp --dport 55555 -j DNAT --to-destination 192.168.1.55:51

The control connection opens, but there is no data flow. conntrack -E expect shows nothing.

If we change things so that the ftp server port is the standard one (both the ftp server settings and the iptables settings), then everything works:

iptables -t nat -A PREROUTING -i ext --dst 1.1.1.1 -p tcp --dport 55555 -j DNAT --to-destination 192.168.1.55:21

Please tell me what settings are needed to make an ftp server running on a non-standard port available?


