iptables, ftp and dnat?
Help... I have the following in my firewall startup script:
/sbin/modprobe nf_conntrack_ftp
$IPTABLES -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -i $IFACE --dport 21 -j DNAT --to 10.1.1.32:21
$IPTABLES -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
# Active
$IPTABLES -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -i $IFACE --sport 20 -j DNAT --to 10.1.1.32:20
$IPTABLES -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
# Passive
$IPTABLES -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -i $IFACE --dport 1024: -j DNAT --to 10.1.1.32
$IPTABLES -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
I am trying to forward public internet ftp traffic to a machine behind my firewall. Anyone have this working? Mine is failing and I have no real debug info to explain why....
Robert
--
:wq!
====================================================================
Robert L. Harris | GPG Key ID: E344DA3B @ x-hkp://pgp.mit.edu
DISCLAIMER: These are MY OPINIONS ALONE. I speak for no-one else.
With Dreams To Be A King, First One Should Be A Man - Manowar