From: mikhalich123 <mikhalich123@gmail.com>
To: netfilter@vger.kernel.org
Subject: FTP behind NAT on a non-standard port
Date: Sun, 31 Jan 2021 19:09:17 +0300
Message-ID: <1158703871.20210131190917@gmail.com>

Hello,

The gateway runs Debian 7.11 (3.2.0-4-686-pae), iptables v1.4.14.

external interface ip: 1.1.1.1
internal interface ip: 192.168.1.1

An FTP server runs inside the local network, and access to it needs to be provided from the outside.

IP of the FTP server on the internal network: 192.168.1.55
Port of the FTP server on the internal network: 51

Output of lsmod | grep ftp:

    nf_nat_ftp 12 420 0
    nf_conntrack_ftp 12533 2 nf_nat_ftp
    nf_nat 17913 2 iptable_nat, nf_nat_ftp
    nf_conntrack 43121 9 nf_conntrack_ipv4, nf_nat, iptable_nat, xt_conntrack, xt_state, nf_conntrack_ftp, nf_nat_ftp, xt_CT, nf_conntrack_netlink

It doesn't work like this:

    iptables -t raw -A PREROUTING --dst 1.1.1.1 -p tcp --dport 55555 -j CT --helper ftp
    iptables -t nat -A PREROUTING -i ext --dst 1.1.1.1 -p tcp --dport 55555 -j DNAT --to-destination 192.168.1.55:51

The control connection opens, but there is no data flow. conntrack -E expect shows nothing.

If we change the FTP server port to the standard one (in both the FTP server settings and the iptables settings), then everything works:

    iptables -t nat -A PREROUTING -i ext --dst 1.1.1.1 -p tcp --dport 55555 -j DNAT --to-destination 192.168.1.55:21

Please tell me what settings are needed to make an FTP server running on a non-standard port available.