iptables ... revisited ... problems with ftp connections
All right, I now have a problem that I can't understand.
I'm running 2.4.0-t7 with the netfilter package.
My firewall is forwarding my ftp connections on port 2345 on
into my masq'd ftp server running on a high port (5500).
Most people are able to access my ftp through the firewall
with no problems, but some are having nothing but problems.
After a little investigation I have found that the people who
are having problems are users who themselves are masq'd behind
whichever type of connection they have.
In theory I believe that this should have no bearing on the
connection, because that is what NAT is designed to accomplish,
but these people are not able to establish a data connection at
all. Now I have instructed them to try both PASV and no PASV
with still no results. Does anyone have any ideas on how to fix this?
Now my setup is fairly straightforward. I got a firewall listening on port
which forwards to port 5500 on a separate masq'd box. I'm using a prerouting
rule for that.
# FTP traffic on into internal hosts
echo " - Forwarding all FTP traffic on $EXTIP1 to $SSERV02"
/sbin/iptables -t nat -A PREROUTING -p tcp -d $EXTIP1 --dport 2345 -j DNAT --to $PORTFWIP1:5500
Then later I specify that the host has nat access with a postrouting rule
echo " - Allowing Secured Server $PORTFWIP1 SNAT Support"
/sbin/iptables -t nat -A POSTROUTING -o $EXTIF -s $PORTFWIP1 -j SNAT --to
That's about it. I am thoroughly confused, b/c most users can connect and
fine, but the users who themselves are using some form of NAT can connect,
are unable to establish a data connection.
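
Added example, not part of the original post: FTP sends the data-connection address inside the control channel (the PORT command and the 227 PASV reply, RFC 959), so NAT on either end matters to the data connection. This sh sketch decodes such lines and flags RFC 1918 addresses; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. All sample lines below are constructed, not captured traffic.

# Print "ip port" for the h1,h2,h3,h4,p1,p2 tuple in a PORT command or
# 227 reply (RFC 959); return 1 when the line carries no valid tuple.
ftp_endpoint() {
    tuple=$(printf '%s\n' "$1" | grep -oE '[0-9]{1,3}(,[0-9]{1,3}){5}' | head -n 1)
    [ -n "$tuple" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $tuple            # split the tuple into $1..$6
    IFS=$old_ifs
    for field in "$@"; do
        [ "$field" -le 255 ] || return 1
    done
    # The data port is sent as two bytes: high byte, then low byte.
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# Succeed when the dotted-quad address is in an RFC 1918 private range.
is_rfc1918() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Classify one control-channel line: "private ip:port", "public ip:port"
# or "no-endpoint" when the line advertises no data-connection address.
check_line() {
    ep=$(ftp_endpoint "$1") || { echo "no-endpoint"; return 0; }
    ip=${ep% *}; port=${ep#* }
    if is_rfc1918 "$ip"; then
        echo "private $ip:$port"
    else
        echo "public $ip:$port"
    fi
}

# Constructed control-channel lines, as they would look on the public side of a NAT.
while IFS= read -r line; do
    printf '%-48s -> %s\n' "$line" "$(check_line "$line")"
done <<'EOF'
PORT 192,168,0,12,4,1
227 Entering Passive Mode (10,0,0,5,19,137)
227 Entering Passive Mode (203,0,113,7,195,80)
230 Login successful.
EOF
```

Run it against control-channel lines captured on the public side of each NAT; a `private` verdict there means the peer is being told to open the data connection to an address it cannot route to.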