From: Ernesto Silva <silva@ort.edu.uy>
To: netfilter@lists.netfilter.org
Subject: common FTP+NAT problem
Date: Mon, 31 Jul 2006 13:35:06 -0300
Message-ID: <44CE313A.4040204@ort.edu.uy>

Hi,

I'm having a problem accessing Internet FTP servers from my internal network. I understand the FTP connection, but I don't have enough information about the ip_conntrack_ftp and ip_nat_ftp modules, so here is my situation.

I'm using iptables 1.3.3-3; I have the mentioned modules loaded and wrote the following rules:

_fwd="iptables -A FORWARD"
_nat="iptables -A POSTROUTING"
$_fwd -i $INT_IF -p tcp -s $INT_NET --sport 1024: -o $INET_IF --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$_fwd -i $INET_IF -p tcp --sport 21 -o $INT_IF -d $INT_NET --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
$_nat -p tcp -s $INT_NET --sport 1024: -o $INET_IF --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j SNAT --to $INET_NIC

Are those rules enough, or do I need to set some rules for port 20 in both active and passive mode?
What is the functionality of the ip_conntrack_ftp and ip_nat_ftp modules?

Best regards,
--
Ing. Ernesto Silva.
Coordinador de Desarrollo Web y Sistemas Abiertos
Universidad ORT Uruguay.
E-mail: silva@ort.edu.uy
Tel: (+598-2) 902-1505 ext. 206
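
As an added illustration (not part of the original post, and not the netfilter code): ip_conntrack_ftp reads the FTP control connection for the address and port announced in PORT commands and 227 replies so that the resulting data connection can be classified as RELATED, and ip_nat_ftp rewrites the private address carried in that payload. The Python example below mimics both steps on constructed sample lines; the function names, addresses and ports are assumptions.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_data_endpoint(line):
    """Return (mode, ip, port) announced on the control channel, or None.

    'active'  : client sent PORT, the server will connect to ip:port.
    'passive' : server sent 227, the client will connect to ip:port.
    This is the tuple a connection tracker needs to expect the data flow.
    """
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"
    elif text.startswith("227 "):
        mode = "passive"
    else:
        return None
    m = _HOSTPORT.search(text)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed byte value, ignore the line
    ip = ".".join(str(n) for n in nums[:4])
    return mode, ip, nums[4] * 256 + nums[5]


def rewrite_port(line, public_ip, public_port):
    """Mimic the NAT step: replace the private endpoint in a PORT command."""
    endpoint = parse_data_endpoint(line)
    if endpoint is None or endpoint[0] != "active":
        return line  # only client PORT commands carry the private address
    host = public_ip.replace(".", ",")
    return "PORT %s,%d,%d\r\n" % (host, public_port >> 8, public_port & 0xFF)


# Constructed sample control-channel lines (hypothetical addresses).
CLIENT_PORT = "PORT 192,168,1,10,195,80\r\n"
SERVER_PASV = "227 Entering Passive Mode (203,0,113,5,78,52).\r\n"

if __name__ == "__main__":
    print(parse_data_endpoint(CLIENT_PORT))
    print(parse_data_endpoint(SERVER_PASV))
    print(repr(rewrite_port(CLIENT_PORT, "198.51.100.7", 50000)))
```

The data connection announced this way uses neither source nor destination port 21, so it is matched by state (RELATED, then ESTABLISHED) rather than by a port-21 rule.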