[TriLUG] iptables & DNAT for FTP access question
Carlos J. Cela
ccela at nc.rr.com
Sun Aug 3 15:44:21 EDT 2003
Greg,
Thanks for your help here - I will try that tomorrow. I hope it works
out, but I believe there might be something else there...
See, I thought that the 'data' connection on FTP was not needed to just
log in to the FTP server - I know that the port 20 connection will be
used for data transfer (GET/PUT) and to list files in response to a DIR
command, but I believe it should not be required to just log in to the
server. If I only map port 21, I would expect to have an error when
trying to transfer, but I should still be able to just log in...
Also, if I might need to perform proxy FTP transfers, do I need to map
the inverse routes so the FTP server can see my desktop?
Thanks,
Carlos-
Greg Brown wrote:
> FTP requires both ports 20 and 21. Create a new line in your iptables
> script to forward port 20 as well and you should be good to go.
>
> Greg
>
> On Sunday, August 3, 2003, at 09:43 AM, Carlos J. Cela wrote:
>
>> Hi,
>>
>> I have a network configuration with two segments, one connected using
>> ethernet and the other using fibre-channel. Only one machine is
>> connected to both network segments, a RedHat 8 with 2.4.20 kernel. -
>> ifconfig will list the fc adapter just as another NIC.
>>
>> What I am trying to do is to access an FTP server located in a
>> machine in the fibre-channel segment from my desktop (WinXP), which
>> is connected in the ethernet LAN segment.
>>
>> I have created an alias of the ethernet card of the Linux box, and my
>> intention was for that alias to redirect all incoming requests to the
>> FTP server on the other segment, by:
>>
>> #setup an alias for the ethernet card
>> ifconfig eth0:0 192.168.200.247 up
>>
>> #Enable IP forwarding
>> echo "1" > /proc/sys/net/ipv4/ip_forward
>>
>> #Translate address of alias (247) to FC card, so I can FTP from my remote PC
>> iptables -t nat -A PREROUTING -p tcp -d 192.168.200.247 --dport 21 -j DNAT --to 192.168.201.11
>>
>> Where the 192.168.201.11 is the actual ip of the FTP server, and
>> 192.168.200.247 is the ip to access it from the ethernet side. For
>> some reason this is only partially working - I get a 'ftp unknown
>> error' when trying to connect. I know that the packets are being
>> redirected because if not it will connect to the local FTP server on
>> the Linux box...I am new to iptables.. is this the right way to go
>> here? What am I missing? Help?
>>
>> Thanks-
>> Carlos
>>
>> --
>> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>> TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
>>
>
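
Added example (not part of the original thread or written by its participants): a dry-run script for the DNAT setup discussed above, using the 2.4-kernel FTP connection-tracking helpers `ip_conntrack_ftp` and `ip_nat_ftp`. The addresses are the ones quoted in the thread; `GW_FC_IP`, the `APPLY` and `SNAT_RETURN` switches and the function names are assumptions of this example, and the SNAT rule assumes the FTP server has no route back to the ethernet segment.

```shell
#!/bin/sh
# Added example: DNAT for FTP with the connection-tracking helpers.
VIP=192.168.200.247              # alias on eth0 (from the thread)
FTP_SRV=192.168.201.11           # real FTP server (from the thread)
GW_FC_IP=${GW_FC_IP:-192.0.2.1}  # placeholder: gateway's address on the FC segment
APPLY=${APPLY:-0}                # 0 = print commands only, 1 = execute them

run() {
    # Print by default so the rule set can be reviewed before it is applied.
    if [ "$APPLY" = "1" ]; then "$@"; else echo "$*"; fi
}

ftp_dnat_rules() {
    # Helpers for 2.4 kernels: follow the control channel on port 21 and
    # rewrite the addresses carried in PORT commands and 227 (PASV) replies.
    run modprobe ip_conntrack_ftp
    run modprobe ip_nat_ftp
    run sysctl -w net.ipv4.ip_forward=1

    # Only the control connection is translated explicitly.
    run iptables -t nat -A PREROUTING -p tcp -d "$VIP" --dport 21 \
        -j DNAT --to-destination "$FTP_SRV"

    # These matter when the FORWARD policy is DROP: admit the control
    # connection, then anything conntrack ties to it. With the helper
    # loaded, the FTP data connection is matched as RELATED.
    run iptables -A FORWARD -p tcp -d "$FTP_SRV" --dport 21 \
        -m state --state NEW -j ACCEPT
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Assumption: the FTP server cannot route back to the ethernet segment,
    # so source-NAT to the gateway's FC address to bring replies back here.
    if [ "${SNAT_RETURN:-1}" = "1" ]; then
        run iptables -t nat -A POSTROUTING -p tcp -d "$FTP_SRV" --dport 21 \
            -j SNAT --to-source "$GW_FC_IP"
    fi
}

ftp_dnat_rules
```

Run it as-is to review the commands, then as root with `APPLY=1` to apply them; set `SNAT_RETURN=0` if the FTP server already routes replies through the Linux box.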