[TriLUG] iptables & DNAT for FTP access question

[Greg Brown]

FTP requires both ports 20 and 21.  Create a new line in your iptables 
script to forward port 20 as well and you should be good to go.

Greg

On Sunday, August 3, 2003, at 09:43 AM, Carlos J. Cela wrote:

> Hi,
>
> I have a network configuration with two segments, one connected using 
> ethernet and the other using fibre-channel. Only one machine is 
> connected to both network segments, a RedHat 8 with 2.4.20 kernel. - 
> ifconfig will list the fc adapter just as another NIC.
>
> What I am trying to do is to access an FTP server located in a machine 
> in the  fibre-channel segment from my desktop (WinXP), which is 
> connected in the ethernet LAN segment.
>
> I have created an alias of the ethernet card  of the Linux box, and my 
> intention was for that alias to redirect all incoming requests to the 
> FTP server on the other segment, by:
>
> #setup an alias for the ethernet card
> ifconfig eth0:0 192.168.200.247 up
>
> #Enable ip_tables
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> #Translated address of alias (247) to FC card, so I can FTP from my 
> remote PC
> iptables -t nat -A PREROUTING -p tcp -d 192.168.200.247 --dport 21 -j 
> DNAT --to 192.168.201.11
>
> Where the 192.168.201.11 is the actual ip of the FTP server, and 
> 192.168.200.247 is the ip to access it from the ethernet side. For 
> some reason this is only partially working - I get a 'ftp unknown 
> error' when trying to connect. I know that the packets are being 
> redirected because if not it will connect to the local FTP server on 
> the Linux box...I am new to iptables.. is this the right way to go 
> here? What am I missing? Help?
>
> Thanks-
> Carlos
>
> -- 
> TriLUG mailing list        : 
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
>