Passive FTP thru ip_masq_ftp
I have this configuration:
clients -- Internet -- Linux box -- private network -- router -- external
network -- FTP server
The client must access the FTP server which resides in a network out of my
control. The FTP server has IP address PRIVATE_NAT.
My solution is: map the FTP server to PUBLIC_NAT on the Linux box; plus,
masquerade the client connection to the FTP server as coming from the Linux
box (so that the external network knows where to route the answers).
The Linux gateway is configured this way:
ip route add nat PUBLIC_NAT via PRIVATE_NAT
ip rule add prio 3000 from PRIVATE_NAT nat PUBLIC_NAT
ipchains -A forward -d PRIVATE_NAT -j MASQ
The problem is: passive FTP from a client to the server doesn't work. is
this a problem with ip_masq_ftp? is there anything I can do to make it work?