From: "Scott Taylor" <scott@dctchambers.com>
To: linux-admin@vger.kernel.org
Subject: Re: Running an ftp Server Behind a Router/Firewall
Date: Sun, 23 Mar 2003 08:09:57 -0800 (PST)
Message-ID: <1663.66.183.200.54.1048435797.squirrel@dctchambers.com>
In-Reply-To: <2239.192.168.0.3.1048351958.squirrel@www.goldenrain.net>

Artem Daniliants said:
> Hi. Let me explain a bit more =)

I take it this doesn't work?

> On the router I am using a masquerade script which forwards port 21
> connections to the LAN computer with IP 192.168.0.3
>
> Here's how it's done using iptables on the router:
>
> PORTFWIP="192.168.0.3"
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p udp --dport 21 -m state \
>   --state NEW,ESTABLISHED,RELATED -j ACCEPT

Shouldn't this be "-p tcp"?

> $IPTABLES -A PREROUTING -t nat -p udp -d $EXTIP --dport 21 -j DNAT --to \
>   $PORTFWIP:21

Again... tcp not udp.

How about the reverse? ftp needs to know where to go and how to get there:

$IPTABLES -t nat -A PREROUTING -d $EXTIP -p tcp --dport 21 \
  -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.0.3

Make sure you have the default route on the 192.168 machine set to your
gateway/firewall and it should just work. You can ping the outside world
from your ftp server, right?

<snip mostly redundant and some useless info>
--
Scott
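
The protocol mismatch pointed out in the message above can be caught mechanically before rules are loaded. The shell function below is an added example, not part of the original e-mail; the interface names and 203.0.113.10 are constructed stand-ins for $EXTIF, $INTIF and $EXTIP, and the pairing check assumes the thread's setup (server on a private address behind NAT, FORWARD policy not ACCEPT).

```shell
#!/bin/sh
# Added example (not from the original e-mail): lint iptables rule lines for
# mistakes in forwarding the FTP control port (21). Rules are read from stdin,
# one per line, written as the arguments that would follow "iptables".
# Assumption: server sits behind NAT and the FORWARD policy is not ACCEPT.

lint_ftp_forward() {
    awk '
    function opt(name,    i) {            # value that follows an option, or ""
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    opt("--dport") == "21" {
        proto = opt("-p")
        if (proto != "tcp") {             # FTP control connections are TCP
            printf "line %d: port 21 matched with -p %s; FTP control is TCP\n", \
                   NR, (proto == "" ? "(unset)" : proto)
            bad = 1
            next                          # a non-TCP rule does not count below
        }
        if (opt("-j") == "DNAT") dnat = 1
        if (opt("-A") == "FORWARD" && opt("-j") == "ACCEPT") fwd = 1
    }
    END {
        if (dnat && !fwd) { print "tcp/21 is DNATed but never accepted in FORWARD"; bad = 1 }
        if (fwd && !dnat) { print "tcp/21 is accepted in FORWARD but never DNATed"; bad = 1 }
        exit bad + 0                      # non-zero status when anything was found
    }'
}

sample_as_posted() {    # the quoted rules, variables replaced by constructed values
cat <<'EOF'
-A FORWARD -i eth0 -o eth1 -p udp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A PREROUTING -t nat -p udp -d 203.0.113.10 --dport 21 -j DNAT --to 192.168.0.3:21
EOF
}

sample_corrected() {    # same rules with the tcp correction from the reply
cat <<'EOF'
-A FORWARD -i eth0 -o eth1 -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-t nat -A PREROUTING -d 203.0.113.10 -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.0.3
EOF
}

sample_as_posted | lint_ftp_forward || true    # prints one finding per udp rule
```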