
ftp passthrough



I give external access to internal users on the machine that acts as a
firewall by giving the following commands:
(this is a batch run when a local machine is enabled, and the opposite when it is
disabled - local machines have addresses of the form 172.24.8.y; public addresses
are of the kind A.B.C.y, where $t4=y)

-------
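# add the public address A.B.C.y as an alias on the external interface
ifconfig eth0:$t4 A.B.C.$t4 netmask 255.255.255.0

# 1:1 NAT between the internal address and its public address
iptables -t nat -A POSTROUTING -s 172.24.8.$t4 -j SNAT --to-source A.B.C.$t4

iptables -t nat -A PREROUTING -d A.B.C.$t4 -j DNAT --to-destination 172.24.8.$t4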
---------

All works fine, except ftp, since when someone tries to connect there is a
message PORT 172.24.8.y .... that of course is not recognized by the remote
machine.
What is the best and cleanest way to fix this problem?
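
The failure described above comes from the FTP PORT command carrying the client's address inside the TCP payload, which SNAT on the IP header never touches. The sketch below is an added example, not part of the original post: it parses a PORT command and performs the kind of payload rewrite an FTP-aware NAT helper has to do for this 1:1 mapping. The prefix 203.0.113 is a constructed stand-in for A.B.C, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed values: 203.0.113.0/24 (documentation range) stands in for the
# post's public prefix A.B.C; 172.24.8.0/24 is the internal range from the post.
INTERNAL_NET = ipaddress.ip_network("172.24.8.0/24")
PUBLIC_PREFIX = "203.0.113"

# PORT h1,h2,h3,h4,p1,p2 : four address octets, then the port as two bytes.
PORT_RE = re.compile(rb"PORT " + rb",".join([rb"(\d{1,3})"] * 6) + rb"\r\n")


def parse_port(line: bytes):
    """Return (ip, tcp_port) carried in an FTP PORT command, or None."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: leave the line alone
    ip = ipaddress.ip_address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]


def rewrite_port(line: bytes) -> bytes:
    """Replace an internal address in PORT with its 1:1 public address.

    Lines that are not PORT commands, or that carry an address outside the
    internal range, are returned unchanged.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line
    ip, port = parsed
    if ip not in INTERNAL_NET:
        return line
    host = str(ip).rsplit(".", 1)[1]  # the "y" ($t4) of the post
    public = f"{PUBLIC_PREFIX}.{host}".replace(".", ",")
    return f"PORT {public},{port >> 8},{port & 0xFF}\r\n".encode("ascii")


if __name__ == "__main__":
    sample = b"PORT 172,24,8,17,195,80\r\n"  # constructed client command
    print(parse_port(sample))
    print(rewrite_port(sample))
```

Because the rewritten command can differ in length from the original, a real in-path helper also has to adjust TCP sequence numbers, which this sketch does not model.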





