
Public IP's with 1:1 mapping does not map all ports or passive ftp does not work [long]



Hello,

I've got a strange problem,

I give my customers public IPs with SNAT/DNAT (we call it 1:1) IP
mapping. When a client with LAN IP 10.100.1.123 has public IP
217.17.x.123 he can use all the apps he wants (apps that demand a public
IP or a forwarded port), so everything seems to be okay...

but ...

a) active FTP does not work
b) Avaya VPN works sometimes, and sometimes not...

ad a) So, tracing the problem, I tcpdumped one client (he's using a PPPoE
channel and I have an rp-pppoe server). The FTP server responded with
"port 1026 unavailable" ... then I telnetted to this port and I
noticed that telnet touched my customer's 1026 port ...

How can it be that all ports are mapped and reachable with telnet but
active FTP does not work?

ad b) This is only a strange case that encouraged me to claim that
we've got some problems ;)


my firewall:
iptables -L -n : http://paste.debian.net/13327
iptables -L -n -t filter : http://paste.debian.net/13330
iptables -L -n -t nat : http://paste.debian.net/13329


If you want some more debug, please request it ;)

thanks
--
Wojciech Ziniewicz            |  jid:zeth@chrome.pl
http://silenceproject.org       | http://zetho.wordpress.com


