Quoting Oswald Buddenhagen <email@example.com>:
> > Quick question as I haven't really used ipmasq that much. What
> > rules would I add in order to have an ftpd running on port 5510 on
> > accessible from outside the internal network. I realize I have to
> > both 5510 and 5509 but I'm not sure how to go about it.
> I don't know if there are ways around it, but the masquerading-howto
> clearly states that it is basically impossible to access hosts on the
> inner network from outside. Masq-ing allows only outgoing connections.

IPMASQADM has a PORTFW "module" available.
These are the commands I'm using to forward ftp to an internal ftp server.
The FTP-DATA typically works in the reverse direction of the control connection.

  /usr/sbin/ipmasqadm portfw -a -P tcp -L 22.214.171.124 21 -R 10.1.1.3 21
  /sbin/ipchains -A input -j ACCEPT -i eth1 -s 126.96.36.199 -l -p tcp -d 0.0.0.0/0

It works well for me, but of course I'm not using ftp on a different port.
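
FTP announces the address and port of each data connection inside the control channel, so a forwarded server can hand outside clients an address they cannot route to. The following is an added example, not part of the original message: it parses PORT commands and 227 replies and flags any that advertise an RFC 1918 address. The function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: addresses a peer outside the masquerading gateway cannot route to.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# h1,h2,h3,h4,p1,p2 as carried by the PORT command and the 227 reply (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or 227 reply, else None."""
    verb, _, rest = line.strip().partition(" ")
    if verb.upper() == "PORT":
        mode = "active"    # client listens; server opens the data connection
    elif verb == "227":
        mode = "passive"   # server listens; client opens the data connection
    else:
        return None
    m = HOSTPORT.search(rest)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None        # not a valid octet or port byte
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return mode, ip, nums[4] * 256 + nums[5]


def audit(lines):
    """List data endpoints that advertise an RFC 1918 address."""
    findings = []
    for line in lines:
        ep = parse_data_endpoint(line)
        if ep and any(ep[1] in net for net in RFC1918):
            findings.append((ep[0], str(ep[1]), ep[2]))
    return findings


# Constructed control-channel lines; 10.1.1.3 is the internal server from the post.
SAMPLE = [
    "220 ftp server ready",
    "227 Entering Passive Mode (10,1,1,3,19,137)",
    "PORT 203,0,113,7,4,1",
    "PORT 999,0,0,1,4,1",
]

if __name__ == "__main__":
    for mode, ip, port in audit(SAMPLE):
        print(f"{mode} data endpoint {ip}:{port} is not reachable from outside")
```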