ftp nat MAX PORTS

All of lore.kernel.org
 help / color / mirror / Atom feed

* ftp nat  MAX PORTS
@ 2005-02-02 16:32 iansolo
  2005-02-07 11:42 ` iansolo
       [not found] ` <bd35181c05020211473cb89b35@mail.gmail.com>
  0 siblings, 2 replies; 4+ messages in thread
From: iansolo @ 2005-02-02 16:32 UTC (permalink / raw)
  To: netfilter

Hi All,
I've a problem with ftpserver behind a NAT.
My necessity is to run ftpserver in a different port then 21.
This is the situation:

Router
|
Firewall
|
Ftpserver

I use this modules ad pass these parameters :

/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp ports=21,9000
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp ports=21,9000
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ipt_state

The realtive iptables rules are only these:

$IPTABLES -t nat -A PREROUTING -p tcp -d $EXT_LAN_FW --dport 9000 -j NAT 
--to-destination $IP_FTPSERVER:9000
$IPTABLES -A FORWARD -i $EXT_IF -p tcp --dport 9000 -j ACCEPT -d 
$IP_FTPSERVER

Unfortunately don't work!


VERY IMPORTANT :

- All work fine is the port is 21!!

- When I try to connect with my ftp-client(with port 9000), at a certain 
point I tray to send packets to local IP of firewall ($EXT_LAN_FW).....

Others Questions:

- In the source code of ip_conntrack_ftp there is a variable "MAX_PORTS",
but I don't understand what mean...
- What is "Patch-O-Matic" ?


Thanks a lot in advance!
iansolo

ps: excuse me, my English is poor



^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: ftp nat  MAX PORTS
  2005-02-02 16:32 ftp nat MAX PORTS iansolo
@ 2005-02-07 11:42 ` iansolo
  2005-02-07 12:49   ` pom rpc and rsh patches Alexander Piavka
       [not found] ` <bd35181c05020211473cb89b35@mail.gmail.com>
  1 sibling, 1 reply; 4+ messages in thread
From: iansolo @ 2005-02-07 11:42 UTC (permalink / raw)
  To: netfilter

Hi,
somebody have understand my problem?

thanks

iansolo wrote:
> Hi All,
> I've a problem with ftpserver behind a NAT.
> My necessity is to run ftpserver in a different port then 21.
> This is the situation:
> 
> Router
> |
> Firewall
> |
> Ftpserver
> 
> I use this modules ad pass these parameters :
> 
> /sbin/modprobe ip_tables
> /sbin/modprobe ip_conntrack
> /sbin/modprobe ip_conntrack_ftp ports=21,9000
> /sbin/modprobe iptable_nat
> /sbin/modprobe ip_nat_ftp ports=21,9000
> /sbin/modprobe ipt_MASQUERADE
> /sbin/modprobe ipt_state
> 
> The realtive iptables rules are only these:
> 
> $IPTABLES -t nat -A PREROUTING -p tcp -d $EXT_LAN_FW --dport 9000 -j NAT 
> --to-destination $IP_FTPSERVER:9000
> $IPTABLES -A FORWARD -i $EXT_IF -p tcp --dport 9000 -j ACCEPT -d 
> $IP_FTPSERVER
> 
> Unfortunately don't work!
> 
> 
> VERY IMPORTANT :
> 
> - All work fine is the port is 21!!
> 
> - When I try to connect with my ftp-client(with port 9000), at a certain 
> point I tray to send packets to local IP of firewall ($EXT_LAN_FW).....
> 
> Others Questions:
> 
> - In the source code of ip_conntrack_ftp there is a variable "MAX_PORTS",
> but I don't understand what mean...
> - What is "Patch-O-Matic" ?
> 
> 
> Thanks a lot in advance!
> iansolo
> 
> ps: excuse me, my English is poor
> 
> 
> 
> 
> ________ Information from NOD32 ________
> This message was checked by NOD32 Antivirus System for Linux Mail Server.
> http://www.nod32.com



^ permalink raw reply	[flat|nested] 4+ messages in thread

* pom rpc and rsh patches
  2005-02-07 11:42 ` iansolo
@ 2005-02-07 12:49   ` Alexander Piavka
  0 siblings, 0 replies; 4+ messages in thread
From: Alexander Piavka @ 2005-02-07 12:49 UTC (permalink / raw)
  To: netfilter; +Cc: Marcelo Barbosa Lima, Ian.Latter

 Hi, these patches have:
Requires: linux < 2.6.0
 in their info file, does that means that they can't be used on 2.6
kernels at all? If so is there a chance they will be ported to 2.6?

Thanks

^ permalink raw reply	[flat|nested] 4+ messages in thread

[parent not found: <bd35181c05020211473cb89b35@mail.gmail.com>]

[parent not found: <4201D91A.5030500@betisgroup.com>]

[parent not found: <200502081011.46026.luismnieto@gmail.com>]

* Re: ftp nat MAX PORTS
       [not found]     ` <200502081011.46026.luismnieto@gmail.com>
@ 2005-02-08 13:54       ` iansolo
  0 siblings, 0 replies; 4+ messages in thread
From: iansolo @ 2005-02-08 13:54 UTC (permalink / raw)
  To: Luis Nieto, netfilter

Ok, but my problem is redirect all from port 9000 of external 
interface(of fw) to same port of ftpserver.

$IPTABLES -t nat -A PREROUTING -p tcp -d $EXT_LAN_FW --dport 9000 -j 
DNAT --to-destination $IP_FTPSERVER:9000

But this don't work with ftp flow...

Luis Nieto wrote:
> El Jue 03 Feb 2005 04:56, escribió:
> $IPTABLES -t nat -A PREROUTING -p tcp -d $EXT_LAN_FW --dport 21 -j DNAT 
> --to-destination $IP_FTPSERVER:9000
>  
> In this way, all the requirements for FTP connections that arrives to your 
> extern interface should be redirected to $IP_FTPSERVER:9000
> 
> 
> ________ Information from NOD32 ________
> This message was checked by NOD32 Antivirus System for Linux Mail Server.
> http://www.nod32.com



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2005-02-08 13:54 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-02-02 16:32 ftp nat MAX PORTS iansolo
2005-02-07 11:42 ` iansolo
2005-02-07 12:49   ` pom rpc and rsh patches Alexander Piavka
     [not found] ` <bd35181c05020211473cb89b35@mail.gmail.com>
     [not found]   ` <4201D91A.5030500@betisgroup.com>
     [not found]     ` <200502081011.46026.luismnieto@gmail.com>
2005-02-08 13:54       ` ftp nat MAX PORTS iansolo

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.