* Ryan White (rwhite@niuhi.com) [020415 10:29]:
>
> I need to set up a NAT so that a single IP can access all ports on an internal
> machine. I tried this:
> $IPTABLES -I PREROUTING -t nat -s 211.39.xxx.xxx -d 211.233.xxx.xxx -j
> DNAT --to 172.16.2.178
>
> I have other public (HTTP) NATs for the same destination.
> What am I doing wrong here? The internal machine has ftp open but I can't
> get it to let me FTP from the above NAT.

How much does it work or not work? Are you able to establish the control
connection? Is it just that the data connection can't be made? Does
passive mode work?

Are you filtering anything? Make sure you have rules like these:

    $IPTABLES -A FORWARD -s 211.39.xxx.xxx -d 172.16.2.178 -j ACCEPT
    $IPTABLES -A FORWARD -d 211.39.xxx.xxx -s 172.16.2.178 -j ACCEPT

Is your ftp connection tracking module loaded? Is the outgoing data
connection being SNATed appropriately?

I can't really tell what's wrong, but those are some things you might
check.

good times,
Vineet
-- 
Currently seeking opportunities in the SF Bay Area
Please see http://www.doorstop.net/resume.shtml