* NAT Problems FTP (maybe a newbie question)
@ 2003-11-19 23:49 Francisco André Barbosa Neto
0 siblings, 0 replies; 4+ messages in thread
From: Francisco André Barbosa Neto @ 2003-11-19 23:49 UTC (permalink / raw)
To: netfilter
Hi all, I've installed Slackware 9.1 on 2 different PCs, at 2 different clients. These machines are doing NAT for all the internal network. I'm running only a single rule, described below, but when any of the client machines tries to connect to any FTP site, the connection is OK, but when the user gives an ls command the server responds 500 illegal command.
I've checked all the modules (one of the machines is running with all the iptables code compiled internally into the kernel, not as a module) and all is OK.
What could possibly be happening in this case? Could anybody give some hint?
Thanks!
All my firewall is:
iptables -F
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0.0.0.0/0 -j SNAT --to 200.X.X.X
------------------------------------------------------
Francisco André Barbosa Neto
fneto@connecton.com.br
Connect On Internet Provider
http://www.connecton.com.br
Fone: 55-11-4655-2232
------------------------------------------------------
* NAT Problems FTP (maybe a newbie question)
@ 2003-11-20 0:11 Francisco André Barbosa Neto
2003-11-20 0:19 ` Antony Stone
0 siblings, 1 reply; 4+ messages in thread
From: Francisco André Barbosa Neto @ 2003-11-20 0:11 UTC (permalink / raw)
To: netfilter
Hi all, I've installed Slackware 9.1 on 2 different PCs, at 2 different clients. These machines are doing NAT for all the internal network. I'm running only a single rule, described below, but when any of the client machines tries to connect to any FTP site, the connection is OK, but when the user gives an ls command the server responds 500 illegal command.
I've checked all the modules (one of the machines is running with all the iptables code compiled internally into the kernel, not as a module) and all is OK.
What could possibly be happening in this case? Could anybody give some hint?
Thanks!
All my firewall is:
iptables -F
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0.0.0.0/0 -j SNAT --to 200.X.X.X
------------------------------------------------------
Francisco André Barbosa Neto
fneto@connecton.com.br
Connect On Internet Provider
http://www.connecton.com.br
Fone: 55-11-4655-2232
------------------------------------------------------
* Re: NAT Problems FTP (maybe a newbie question)
2003-11-20 0:11 Francisco André Barbosa Neto
@ 2003-11-20 0:19 ` Antony Stone
0 siblings, 0 replies; 4+ messages in thread
From: Antony Stone @ 2003-11-20 0:19 UTC (permalink / raw)
To: netfilter
On Thursday 20 November 2003 12:11 am, Francisco André Barbosa Neto wrote:
> Hi all, I've installed Slackware 9.1 in 2 different pc's, in 2 different
> clients. These machines are doing nat to all the internal network. I'm
> running only a single rule described below, but when any of the client
> machines try to connect to any ftp site, the connection was ok but when the
> user gives an ls command the server respond 500 illegal command.
>
> iptables -F
> iptables -t nat -F
>
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0.0.0.0/0 -j SNAT --to
> 200.X.X.X
I would recommend that you specify the interface which packets are supposed
to leave from in the above rule, just to make sure it applies only to traffic
going out of your external interface:
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -d 0.0.0.0/0 -j SNAT --to 200.X.X.X
(assuming eth0 is the external interface, with the 200.x.x.x address on it -
if not, insert the appropriate interface name instead).
However, to get back to your question regarding why FTP isn't doing what you
want, have you compiled support and/or loaded modules for FTP NAT and
Connection Tracking?
Antony.
--
In science, one tries to tell people
in such a way as to be understood by everyone
something that no-one ever knew before.
In poetry, it is the exact opposite.
- Paul Dirac
Please reply to the list;
please don't CC me.
* RE: NAT Problems FTP (maybe a newbie question)
@ 2003-11-21 13:06 skydive
0 siblings, 0 replies; 4+ messages in thread
From: skydive @ 2003-11-21 13:06 UTC (permalink / raw)
To: netfilter; +Cc: fneto
hi francisco:
i once had trouble with ftp, because i was blocking
--syn, but fortunately i could figure a way out by
using PASV mode on my ftp clients.
if you do not have any firewall rules i can not
imagine what your problem may be since, as you posted,
you got no firewalling rules.
i can suggest the using of masquerading instead of
SNAT. give it a try:
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
skydive!
-------------------------------------------------
Email sent using the MegaMail service
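Added example, not part of any message in this thread: a small model of why an active-mode FTP `PORT` command breaks behind plain SNAT, which is what Antony's question about FTP NAT and connection tracking support and skydive's PASV workaround both relate to. The addresses, function names and the server's acceptance rule are constructed assumptions; 203.0.113.5 stands in for the elided 200.X.X.X address.

```python
import re

# RFC 959: PORT h1,h2,h3,h4,p1,p2  (address and port travel in the payload)
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$")

def parse_port(line):
    """Return (ip, port) carried inside an FTP PORT command."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    fields = [int(g) for g in m.groups()]
    if max(fields) > 255:
        raise ValueError("field out of range")
    return "%d.%d.%d.%d" % tuple(fields[:4]), fields[4] * 256 + fields[5]

def build_port(ip, port):
    """Encode (ip, port) back into a PORT command line."""
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)

def snat_control_line(line, public_ip, helper_loaded):
    """Control-channel payload as it leaves the NAT box.

    SNAT alone rewrites only the IP header; the payload is rewritten
    only when an FTP-aware NAT helper is active (modelled by a flag).
    """
    if not helper_loaded or not line.startswith("PORT "):
        return line
    _, port = parse_port(line)
    return build_port(public_ip, port)  # a real helper may also remap the port

def server_reply(line, peer_ip):
    """Assumed server policy: refuse a PORT address that is not the control peer."""
    ip, port = parse_port(line)
    if ip != peer_ip or port < 1024:
        return "500 Illegal PORT command."
    return "200 PORT command successful."

# Constructed sample: internal client 192.168.0.10 listening on port 5001.
CLIENT_LINE = build_port("192.168.0.10", 5001)
PUBLIC_IP = "203.0.113.5"  # placeholder for the SNAT address

if __name__ == "__main__":
    for helper in (False, True):
        sent = snat_control_line(CLIENT_LINE, PUBLIC_IP, helper)
        print(helper, sent.strip(), "->", server_reply(sent, PUBLIC_IP))
```

In passive mode the client sends no address of its own; it opens the data connection outward, which ordinary SNAT already handles.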