[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

problem

witam. mam serv (debian woody 3.0)
na nim firewalla:
 
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -F -t nat
/sbin/iptables -X -t nat
/sbin/iptables -F -t filter
/sbin/iptables -X -t filter
/sbin/iptables -t filter -P FORWARD DROP
/sbin/iptables -t filter -A FORWARD -s 192.168.0.100 -d 0/0 -j ACCEPT
/sbin/iptables -t filter -A FORWARD -s 192.168.0.104 -d 0/0 -j ACCEPT
/sbin/iptables -t filter -A FORWARD -s 192.168.0.105 -d 0/0 -j ACCEPT
/sbin/iptables -t filter -A FORWARD -s 192.168.0.106 -d 0/0 -j ACCEPT
/sbin/iptables -t filter -A FORWARD -s 192.168.0.107 -d 0/0 -j ACCEPT
/sbin/iptables -t filter -A FORWARD -s 0/0 -d 192.168.0.100 -j ACCEPT
/sbin/iptables -t filter -A FORWARD -s 0/0 -d 192.168.0.104 -j ACCEPT
/sbin/iptables -t filter -A FORWARD -s 0/0 -d 192.168.0.105 -j ACCEPT
/sbin/iptables -t filter -A FORWARD -s 0/0 -d 192.168.0.106 -j ACCEPT
/sbin/iptables -t filter -A FORWARD -s 0/0 -d 192.168.0.107 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.100 -d 0/0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.104 -d 0/0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.105 -d 0/0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.106 -d 0/0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.107 -d 0/0 -j MASQUERADE
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_irc
#przekierowanie portow
/sbin/iptables -t nat -A PREROUTING -p tcp -d 217.96.188.178 --dport 666 -j DNAT --to 192.168.0.104:45
/sbin/iptables -t nat -A PREROUTING -p udp -d 217.96.188.178 --dport 666 -j DNAT --to 192.168.0.104:45
 
chce przekierowac port 666 z zewnatrz by mozna bylo sie aczyc do kompa w sieci na ftp-a na port 45.
gdy ktos sie laczy z zewnatrz pokazuje sie taki komunikat :
 
530 Only client IP address allowed for PORT command.
 
i nie moze sie polaczyc...
ip_contrack_ftp jest zaladowany, ip_contrack rowniez.
klient uzywa pssive
gdzie lezy blad ?
Reply to: