* Re: FTP access from outside
[not found] <200505051437.j45EbauW006066@eden.inf.ed.ac.uk>
@ 2005-05-05 14:48 ` Dimitri Yioulos
2005-05-05 15:06 ` Daniel Wittenberg
[not found] ` <d5e96bf205050604367aef4e3a@mail.gmail.com>
1 sibling, 1 reply; 6+ messages in thread
From: Dimitri Yioulos @ 2005-05-05 14:48 UTC (permalink / raw)
To: netfilter
On Thursday May 5 2005 10:37 am, you wrote:
> > What have I missed (or messed up)?
>
> You have the ip_conntrack_ftp and ip_nat_ftp modules loaded? And a rule to
> pass ESTABLISHED and RELATED?
George,
I beleive I have the rule to pass ESTABLISHED and RELATED, but an lsmod shows
I don't have the ip_nat_ftp modules loaded. Would load that by doing an
"insmod /dirwhereitlives/ip_nat_ftp.o"?
Thanks.
Dimitri
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: FTP access from outside
2005-05-05 14:48 ` FTP access from outside Dimitri Yioulos
@ 2005-05-05 15:06 ` Daniel Wittenberg
2005-05-05 15:18 ` Dimitri Yioulos
0 siblings, 1 reply; 6+ messages in thread
From: Daniel Wittenberg @ 2005-05-05 15:06 UTC (permalink / raw)
To: Dimitri Yioulos; +Cc: netfilter
On Thu, 2005-05-05 at 10:48 -0400, Dimitri Yioulos wrote:
> On Thursday May 5 2005 10:37 am, you wrote:
> > > What have I missed (or messed up)?
> >
> > You have the ip_conntrack_ftp and ip_nat_ftp modules loaded? And a rule to
> > pass ESTABLISHED and RELATED?
>
> George,
>
> I beleive I have the rule to pass ESTABLISHED and RELATED, but an lsmod shows
> I don't have the ip_nat_ftp modules loaded. Would load that by doing an
> "insmod /dirwhereitlives/ip_nat_ftp.o"?
Just use 'modprobe ip_nat_ftp' in cases like this. You don't need to
specify the whole path to loading modules. You'll also get errors using
insmod if there are dependencies not loaded.
Dan
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: FTP access from outside
2005-05-05 15:06 ` Daniel Wittenberg
@ 2005-05-05 15:18 ` Dimitri Yioulos
2005-05-06 9:37 ` Jörg Harmuth
0 siblings, 1 reply; 6+ messages in thread
From: Dimitri Yioulos @ 2005-05-05 15:18 UTC (permalink / raw)
To: netfilter
On Thursday May 5 2005 11:06 am, you wrote:
> On Thu, 2005-05-05 at 10:48 -0400, Dimitri Yioulos wrote:
> > On Thursday May 5 2005 10:37 am, you wrote:
> > > > What have I missed (or messed up)?
> > >
> > > You have the ip_conntrack_ftp and ip_nat_ftp modules loaded? And a
> > > rule to pass ESTABLISHED and RELATED?
> >
> > George,
> >
> > I beleive I have the rule to pass ESTABLISHED and RELATED, but an lsmod
> > shows I don't have the ip_nat_ftp modules loaded. Would load that by
> > doing an "insmod /dirwhereitlives/ip_nat_ftp.o"?
>
> Just use 'modprobe ip_nat_ftp' in cases like this. You don't need to
> specify the whole path to loading modules. You'll also get errors using
> insmod if there are dependencies not loaded.
>
> Dan
Thank you both for the info. I'm waiting for my outside tester to report
back; hopefully he can now connect.
Let me really show the depths of my ignorance and ask, how do I install the
modules permanently?
as always, thanks.
Dimitri
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: FTP access from outside
2005-05-05 15:18 ` Dimitri Yioulos
@ 2005-05-06 9:37 ` Jörg Harmuth
0 siblings, 0 replies; 6+ messages in thread
From: Jörg Harmuth @ 2005-05-06 9:37 UTC (permalink / raw)
To: netfilter
Dimitri Yioulos schrieb:
[snip]
> ... how do I install the
> modules permanently?
>
Compile it into the kernel, meaning: make shure during kernel
configuration that there is "[*]" or "<*>" and not "<M>" in front of the
respective option (assuming "make menuconfig").
If you don't like this, you can configure your runlevel(s) to execute a
script, that loads the module(s).
Have a nice time,
Joerg
^ permalink raw reply [flat|nested] 6+ messages in thread
[parent not found: <d5e96bf205050604367aef4e3a@mail.gmail.com>]
* FTP access from outside
@ 2005-05-05 14:29 Dimitri Yioulos
0 siblings, 0 replies; 6+ messages in thread
From: Dimitri Yioulos @ 2005-05-05 14:29 UTC (permalink / raw)
To: netfilter
Hello, colleagues.
I'm embarassed to ask for help on this (it should be trivial to set up), but
I'm having no luck:
I'd like to enable FTP access to my web server, which is sitting in a DMZ,
from outside. I've add proftpd, and believe I've set it up properly. I can
access FTP from my LAN, but not from outside. I've added the following rules
to allow access:
-A FORWARD -p tcp -m tcp -d 192.168.1.3 -i eth0 -o eth2 --dport 21 -j ACCEPT
-A PREROUTING -p tcp -m tcp -d 67.x.x.x -i eth0 --dport 21 -j DNAT
--to-destination 192.168.1.3
-A POSTROUTING -s 192.168.1.3 -o eth0 -j SNAT --to-source 67.x.x.x
where eth0 is public interface and eth2 is DMZ interface
What have I missed (or messed up)?
As always, thanks.
Dimitri
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2005-05-06 11:47 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <200505051437.j45EbauW006066@eden.inf.ed.ac.uk>
2005-05-05 14:48 ` FTP access from outside Dimitri Yioulos
2005-05-05 15:06 ` Daniel Wittenberg
2005-05-05 15:18 ` Dimitri Yioulos
2005-05-06 9:37 ` Jörg Harmuth
[not found] ` <d5e96bf205050604367aef4e3a@mail.gmail.com>
[not found] ` <d5e96bf205050604378818c3d@mail.gmail.com>
2005-05-06 11:47 ` Dimitri Yioulos
2005-05-05 14:29 Dimitri Yioulos
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox