* ftp nat  MAX PORTS
@ 2005-02-02 16:32 iansolo
  2005-02-07 11:42 ` iansolo
       [not found] ` <bd35181c05020211473cb89b35@mail.gmail.com>
  0 siblings, 2 replies; 4+ messages in thread
From: iansolo @ 2005-02-02 16:32 UTC (permalink / raw)
  To: netfilter

Hi All,
I've a problem with ftpserver behind a NAT.
My necessity is to run ftpserver on a different port than 21.
This is the situation:

Router
|
Firewall
|
Ftpserver

I use these modules and pass these parameters:

/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp ports=21,9000
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp ports=21,9000
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ipt_state

The relative iptables rules are only these:

$IPTABLES -t nat -A PREROUTING -p tcp -d $EXT_LAN_FW --dport 9000 -j NAT --to-destination $IP_FTPSERVER:9000
$IPTABLES -A FORWARD -i $EXT_IF -p tcp --dport 9000 -j ACCEPT -d $IP_FTPSERVER

Unfortunately it doesn't work!


VERY IMPORTANT :

- All works fine if the port is 21!!

- When I try to connect with my ftp-client (with port 9000), at a certain 
point I try to send packets to local IP of firewall ($EXT_LAN_FW).....

Other questions:

- In the source code of ip_conntrack_ftp there is a variable "MAX_PORTS",
but I don't understand what it means...
- What is "Patch-O-Matic" ?


Thanks a lot in advance!
iansolo

ps: excuse me, my English is poor
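
A consistency check for the setup described in this message, as an added example that is not part of the original post: it verifies that an FTP control port is listed in the ports= parameter of both ip_conntrack_ftp and ip_nat_ftp and has a DNAT rule, reading one rule per line. The sample configuration, its addresses and the function names are constructed; MAX_PORTS=8 is an assumption about the helper source (taken here as the limit on ports= entries) and should be checked against your kernel tree.

```sh
#!/bin/sh
# Added example: lint a firewall script for an FTP control port on a non-default port.
MAX_PORTS=8   # assumption: limit on ports= entries in the FTP helper source

# Constructed sample (documentation addresses); ip_nat_ftp is missing port 9000.
SAMPLE_CONFIG='/sbin/modprobe ip_conntrack_ftp ports=21,9000
/sbin/modprobe ip_nat_ftp ports=21
iptables -t nat -A PREROUTING -p tcp -d 192.0.2.1 --dport 9000 -j DNAT --to-destination 10.0.0.5:9000'

# helper_ports MODULE CONFIG -> the ports= list passed to MODULE (empty if none)
helper_ports() {
    printf '%s\n' "$2" |
        sed -n "s/.*modprobe[[:space:]]\{1,\}$1[[:space:]]\{1,\}ports=\([0-9,]*\).*/\1/p" |
        head -n 1
}

# in_list PORT LIST -> true if PORT is an entry of the comma-separated LIST
in_list() {
    case ",$2," in *",$1,"*) return 0 ;; *) return 1 ;; esac
}

# count_ports LIST -> number of entries in the comma-separated LIST
count_ports() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -c .
}

# lint_ftp_port PORT CONFIG -> one finding per line, or "ok"
lint_ftp_port() {
    port=$1; config=$2; bad=0
    for mod in ip_conntrack_ftp ip_nat_ftp; do
        list=$(helper_ports "$mod" "$config")
        [ -n "$list" ] || list=21      # the helpers default to port 21
        if ! in_list "$port" "$list"; then
            echo "$mod: port $port not in ports=$list"; bad=1
        fi
        if [ "$(count_ports "$list")" -gt "$MAX_PORTS" ]; then
            echo "$mod: more than $MAX_PORTS ports listed"; bad=1
        fi
    done
    if ! printf '%s\n' "$config" | grep -e '-j DNAT' | grep -q -e "--dport $port "; then
        echo "nat: no DNAT rule for --dport $port"; bad=1
    fi
    if [ "$bad" -eq 0 ]; then echo ok; fi
}

lint_ftp_port 9000 "$SAMPLE_CONFIG"
```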




* Re: ftp nat  MAX PORTS
  2005-02-02 16:32 ftp nat MAX PORTS iansolo
@ 2005-02-07 11:42 ` iansolo
  2005-02-07 12:49   ` pom rpc and rsh patches Alexander Piavka
       [not found] ` <bd35181c05020211473cb89b35@mail.gmail.com>
  1 sibling, 1 reply; 4+ messages in thread
From: iansolo @ 2005-02-07 11:42 UTC (permalink / raw)
  To: netfilter

Hi,
has somebody understood my problem?

thanks

iansolo wrote:
> Hi All,
> I've a problem with ftpserver behind a NAT.
> My necessity is to run ftpserver on a different port than 21.
> This is the situation:
> 
> Router
> |
> Firewall
> |
> Ftpserver
> 
> I use these modules and pass these parameters:
> 
> /sbin/modprobe ip_tables
> /sbin/modprobe ip_conntrack
> /sbin/modprobe ip_conntrack_ftp ports=21,9000
> /sbin/modprobe iptable_nat
> /sbin/modprobe ip_nat_ftp ports=21,9000
> /sbin/modprobe ipt_MASQUERADE
> /sbin/modprobe ipt_state
> 
> The relative iptables rules are only these:
> 
> $IPTABLES -t nat -A PREROUTING -p tcp -d $EXT_LAN_FW --dport 9000 -j NAT --to-destination $IP_FTPSERVER:9000
> $IPTABLES -A FORWARD -i $EXT_IF -p tcp --dport 9000 -j ACCEPT -d $IP_FTPSERVER
> 
> Unfortunately it doesn't work!
> 
> 
> VERY IMPORTANT :
> 
> - All works fine if the port is 21!!
> 
> - When I try to connect with my ftp-client (with port 9000), at a certain 
> point I try to send packets to local IP of firewall ($EXT_LAN_FW).....
> 
> Other questions:
> 
> - In the source code of ip_conntrack_ftp there is a variable "MAX_PORTS",
> but I don't understand what it means...
> - What is "Patch-O-Matic" ?
> 
> 
> Thanks a lot in advance!
> iansolo
> 
> ps: excuse me, my English is poor
> 
> 
> 
> 

* pom rpc and rsh patches
  2005-02-07 11:42 ` iansolo
@ 2005-02-07 12:49   ` Alexander Piavka
  0 siblings, 0 replies; 4+ messages in thread
From: Alexander Piavka @ 2005-02-07 12:49 UTC (permalink / raw)
  To: netfilter; +Cc: Marcelo Barbosa Lima, Ian.Latter


 Hi, these patches have:
Requires: linux < 2.6.0
 in their info file, does that mean that they can't be used on 2.6
kernels at all? If so is there a chance they will be ported to 2.6?

Thanks




* Re: ftp nat MAX PORTS
       [not found]     ` <200502081011.46026.luismnieto@gmail.com>
@ 2005-02-08 13:54       ` iansolo
  0 siblings, 0 replies; 4+ messages in thread
From: iansolo @ 2005-02-08 13:54 UTC (permalink / raw)
  To: Luis Nieto, netfilter

Ok, but my problem is to redirect all from port 9000 of external 
interface (of fw) to same port of ftpserver.

$IPTABLES -t nat -A PREROUTING -p tcp -d $EXT_LAN_FW --dport 9000 -j DNAT --to-destination $IP_FTPSERVER:9000

But this doesn't work with ftp flow...

Luis Nieto wrote:
> On Thu 03 Feb 2005 04:56, wrote:
> $IPTABLES -t nat -A PREROUTING -p tcp -d $EXT_LAN_FW --dport 21 -j DNAT --to-destination $IP_FTPSERVER:9000
>  
> In this way, all the requirements for FTP connections that arrive at your 
> external interface should be redirected to $IP_FTPSERVER:9000
> 
> 