
Re: iptables, ftp and dnat?



On Fri, Dec 05, 2008 at 03:30:19PM -0700, Robert L. Harris wrote:
 
>   I've read both of those and understand how the ftp works.  I've
> spent the last 2 days googling. Unfortunately it's all working now
> except how to get the iptables data connection in passive mode
> working.  I can log in, etc just fine but when I do a "ls" after
> issuing the "passive" command it times out.
> 
>   The second example looks good but doesn't handle the DNAT (the ftp
> server is running on another machine behind my firewall).

It hangs after ls? Sounds like your data traffic gets jammed somehow.

Some things to consider:
- did you open up the data port (this is control port minus 1)?
- did you open some ports for the passive connection?
- did you tell this to your server?
- does the NAT machine translate the ftp packets properly?

If you're using proftpd you may try setting the following directives in
the config:

PassivePorts    <range>
MasqueradeAddress       <wan IP NAT/firewall machine>

I had the exact same problem, and this fixed it for me.

-- 
Good day for a change of scene.  Repaper the bedroom wall.

