* SNAT FTP - HELP ME
@ 2003-04-08 16:26 Breno Cardoso Perucchi
From: Breno Cardoso Perucchi @ 2003-04-08 16:26 UTC (permalink / raw)
To: netfilter
Hello,
This is my first mail to the list.
I've been trying to transport TCP 20:21 out of my network with SNAT:
iptables -t nat -A POSTROUTING -p tcp --dst 200.200.200.201 --dport 20:21 -j SNAT --to-source 192.168.2.1
This is my network
Firewall
eth0:200.100.100.100 (NAT to 192.168.2.0/24)
eth1:200.200.200.200 (Another Class the IP)
eth2:192.168.2.50 (LAN)
Server1 in Network 192.168.2.1
My firewall has this rule in the NAT:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j SNAT --to 200.100.100.100
This is my problem. I transport all ports of the IP 200.200.200.201 to 192.168.2.1:
iptables -t nat -A PREROUTING -p tcp -d 200.200.200.201 -j DNAT --to 192.168.2.1
But the ports don't go out with IP 200.200.200.201; they go out with the masquerade IP 200.100.100.100 instead.
I need to resolve this.
Breno Cardoso Perucchi
breno@omegatec.net
Consultor - Omega Tecnologia
http://www.omegatec.net/
* SNAT FTP - HELP ME
@ 2003-04-09 13:35 Breno Cardoso Perucchi
2003-04-09 14:18 ` xchris
From: Breno Cardoso Perucchi @ 2003-04-09 13:35 UTC (permalink / raw)
To: netfilter
Hello,
This is my first mail to the list.
I've been trying to transport TCP 20:21 out of my network with SNAT:
iptables -t nat -A POSTROUTING -p tcp --dst 200.200.200.201 --dport 20:21 -j SNAT --to-source 192.168.2.1
This is my network
Firewall
eth0:200.100.100.100 (NAT to 192.168.2.0/24)
eth1:200.200.200.200 (Another Class the IP)
eth2:192.168.2.50 (LAN)
Server1 in Network 192.168.2.1
My firewall has this rule in the NAT:
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j SNAT --to 200.100.100.100
This is my problem. I transport all ports of the IP 200.200.200.201 to 192.168.2.1:
iptables -t nat -A PREROUTING -p tcp -d 200.200.200.201 -j DNAT --to 192.168.2.1
But the ports don't go out with IP 200.200.200.201; they go out with the masquerade IP 200.100.100.100 instead.
I need to resolve this.
Breno Cardoso Perucchi
breno@omegatec.net
Consultor - Omega Tecnologia
http://www.omegatec.net/
* Re: SNAT FTP - HELP ME
2003-04-09 13:35 SNAT FTP - HELP ME Breno Cardoso Perucchi
@ 2003-04-09 14:18 ` xchris
From: xchris @ 2003-04-09 14:18 UTC (permalink / raw)
To: Breno Cardoso Perucchi, netfilter
On Wednesday 09 April 2003 03:35 pm, Breno Cardoso Perucchi wrote:
> Hello,
>
> This is my first mail to the list.
> I've been trying to transport TCP 20:21 out of my network with SNAT:
> iptables -t nat -A POSTROUTING -p tcp --dst 200.200.200.201 --dport 20:21
> -j SNAT --to-source 192.168.2.1
You cannot use DNAT with the FTP protocol because FTP is a multi-connection protocol.
If you redirect port 21, you redirect only the control connection and not the
data connection.
Consider using SFTP.
bye
xchris
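The reply above turns on FTP's separate control and data connections. As an added example (not part of the thread), this sketch parses the data endpoint that FTP announces inside the control channel (the RFC 959 PORT command and 227 reply) and rewrites it the way a NAT device has to if the data connection is to follow the translated address. The sample lines and the 192.168.2.1 to 200.200.200.201 mapping are constructed from the addresses in the thread; the function names are hypothetical.

```python
import re

# Six comma-separated numbers h1,h2,h3,h4,p1,p2, as carried by both
# "PORT h1,h2,h3,h4,p1,p2" (client, active mode) and
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" (server, passive mode).
ENDPOINT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def parse_endpoint(line):
    """Return (ip, port) announced in a PORT command or 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = ENDPOINT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid address/port encoding
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def rewrite_endpoint(line, nat_map):
    """Replace the announced IP using nat_map (private -> public); port unchanged."""
    ep = parse_endpoint(line)
    if ep is None or ep[0] not in nat_map:
        return line  # ordinary control traffic passes through untouched
    ip, port = ep
    new = nat_map[ip].replace(".", ",") + ",%d,%d" % (port >> 8, port & 0xFF)
    return ENDPOINT.sub(new, line, count=1)


# Constructed control-channel lines (not captured traffic).
SAMPLE = [
    "USER anonymous",
    "227 Entering Passive Mode (192,168,2,1,195,80)",
    "PORT 192,168,2,1,4,1",
]
# Assumed mapping, taken from the DNAT rule quoted in the thread.
NAT_MAP = {"192.168.2.1": "200.200.200.201"}

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "=>", rewrite_endpoint(line, NAT_MAP), parse_endpoint(line))
```

Without this rewrite, a peer outside the NAT is told to connect to 192.168.2.1, an address it cannot reach, even though the port 21 control connection itself was translated correctly.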