
iptables ... revisited ... problems with ftp connections



all right, i now have a problem that i can't understand.
i'm running 2.4.0-t7 with the netfilter package.
my firewall is forwarding my ftp connections on port 2345
into my masq'd ftp server running on a high port (5500).

most people are able to access my ftp through the firewall
with no problems, but some are having nothing but problems.
after a little investigation i have found that the people who
are having problems are users who themselves are masq'd behind
whichever type of connection they have.

in theory i believe that this should have no bearing on the
connection, because that is what NAT is designed to accomplish,
but these people are not able to establish a data connection at
all. now i have instructed them to try both PASV and no PASV,
with still no results. does anyone have any ideas on how to fix this?

now my setup is fairly straightforward. i've got a firewall listening on port
2345 which forwards to port 5500 on a separate masq'd box. i'm using a prerouting
rule for that.

  # FTP traffic on into internal hosts
echo "  - Forwarding all FTP  traffic on $EXTIP1 to $SSERV02"
/sbin/iptables -t nat -A PREROUTING -p tcp -d $EXTIP1 --dport 2345 \
    -j DNAT --to $PORTFWIP1:5500

then later i specify that the host has nat access with a postrouting rule

echo "  - Allowing Secured Server $PORTFWIP1 SNAT Support"
/sbin/iptables -t nat -A POSTROUTING -o $EXTIF -s $PORTFWIP1 \
    -j SNAT --to $EXTIP1

that's about it. i am thoroughly confused, because most users can connect and
ul/dl just fine, but the users who themselves are using some form of NAT can
connect, but they are unable to establish a data connection.

thanks
mike
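The data-connection failure described in the post, as an added example that is not part of the original message and not netfilter's own code: FTP names the endpoint of every data connection inside the control channel (an active client's `PORT h1,h2,h3,h4,p1,p2`, a passive server's `227 Entering Passive Mode (...)`), so a NAT that only rewrites packet headers leaves a private RFC 1918 address in the payload and the far side tries to connect to something unroutable, while the control channel keeps working. The model below parses those addresses, flags the ones that would leak across an unrewritten NAT, and performs the payload rewrite that an FTP NAT helper does. The sample lines, the addresses and the public IP passed in are all constructed for the illustration.

```python
# Added example, not code from the original post or from netfilter: a small
# model of the in-band address handling an FTP NAT helper has to perform.
# All sample lines and addresses below are constructed.
import re
from ipaddress import ip_address, ip_network

# FTP encodes "ip:port" as h1,h2,h3,h4,p1,p2 with port = p1*256 + p2
_ADDR_RE = re.compile(
    r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

# The address ranges a masqueraded ("masq'd") host normally lives in.
_RFC1918 = [ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    """True for an RFC 1918 private address, which is unroutable on the internet."""
    addr = ip_address(ip)
    return any(addr in net for net in _RFC1918)


def parse_ftp_addr(line):
    """Extract (ip, port) from a PORT command or a 227 PASV reply.

    Returns None when the line carries no address or a field is out of range.
    """
    m = _ADDR_RE.search(line)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(v > 255 for v in fields):
        return None
    ip = ".".join(str(v) for v in fields[:4])
    return ip, fields[4] * 256 + fields[5]


def format_ftp_addr(ip, port):
    """Inverse of parse_ftp_addr: ('203.0.113.7', 1025) -> '203,0,113,7,4,1'."""
    if not 0 < port <= 65535:
        raise ValueError("port out of range")
    return ",".join(ip.split(".") + [str(port // 256), str(port % 256)])


def leaks_private_addr(line):
    """True when the advertised data endpoint is a private address: a NAT that
    forwarded this line without rewriting it has told the peer to connect to
    an address the peer cannot reach, so the data connection fails."""
    target = parse_ftp_addr(line)
    return target is not None and is_rfc1918(target[0])


def helper_rewrite(line, public_ip):
    """What the NAT helper does on the way out: replace the private address in
    the payload with the NAT's public address and report the (ip, port) on
    which the data connection must now be expected, so the NAT can map it back.
    Lines without an address, or with a public one, pass through unchanged."""
    target = parse_ftp_addr(line)
    if target is None or not is_rfc1918(target[0]):
        return line, target
    _, port = target
    return _ADDR_RE.sub(format_ftp_addr(public_ip, port), line, count=1), (public_ip, port)


if __name__ == "__main__":
    # Constructed samples: an active-mode client behind NAT announcing its
    # private address, and a passive server doing the same from the other side.
    for sample in ("PORT 192,168,1,50,4,1",
                   "227 Entering Passive Mode (10,0,0,5,19,136)"):
        verdict = "needs helper" if leaks_private_addr(sample) else "ok as is"
        print(sample, "->", verdict)
        print("   after rewrite:", helper_rewrite(sample, "203.0.113.7"))
```

Both the server's own NAT and the remote user's NAT must do this rewrite for the direction they translate, and each only does it for control connections it recognises as FTP. Netfilter's FTP connection-tracking helper watches TCP port 21 unless it is given other ports when the module is loaded (the `ports=` module parameter on the 2.4 `ip_conntrack_ftp` module), and the same kind of port assumption is built into the FTP handling of other NAT devices; a control channel on a non-standard port such as 2345 is a case to check on every NAT along the path when only the data connection fails.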


