Iptables and FTP problem

To: debian-firewall@lists.debian.org
Subject: Iptables and FTP problem
From: "Mahdi Rahimi" <rahimi@eaedu.net>
Date: Sat, 1 Sep 2007 13:22:56 +0430 (IRDT)
Message-id: <[🔎] 41540.217.219.129.55.1188636776.squirrel@mail.eaedu.net>

hello
I have problem in our clients's outside ftp access via debian.
My LAN users can't start data transfer to outside FTP servers, but they
can establish connection to port 21 on the outside ftp server.

I want to my LAN users use ftp clinets in ACTIVE mode.
my rules:

***nat
-A PREROUTING -i $LAN -s 192.168.1.0/26 -p tcp -m multiport --dport 21 -j
ACCEPT
-A POSTROUTING -s 192.168.1.0/26  -d 0/0 -o eth1 -j MASQUERADE

***filter
-A FORWARD -i $LAN -o $EXT -s 192.168.1.0/26 -p tcp --dport 21 -m state
--state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $EXT -o $LAN -p tcp --sport 21 -m state --state
ESTABLISHED,RELATED -j ACCEPT

*************
modprobe ip_conntrack_ftp , ip_conntrack, ip_nat_ftp

Reply to:

Follow-Ups:
- Re: Iptables and FTP problem
  - From: Phil Dyer <phil@dyermaker.org>
- ssl/tls and ftp client logs
  - From: maharaja <raoul@bhatia.at>

Next by Date: Re: Iptables and FTP problem
Next by thread: Re: Iptables and FTP problem
Index(es):
- Date
- Thread