#1
11th May 2006, 22:01
tom
iptables and forwarding for ftp - how?

I need to forward the ftp traffic.

With my ftp client I can log in but I don't see anything - no file, no directory.
These are my rules:
Code:
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j DNAT --to-destination 10.0.1.1

    iptables -A FORWARD -i eth0 -m state --state NEW -p tcp -d 10.0.1.1 --dport 21 -j ACCEPT

    iptables -t nat -A POSTROUTING -o vif1.0 -p tcp --dport 21 -j SNAT --to-source 10.0.1.1
That's the log from my ftp client FileZilla:
Code:
Befehl:	USER web4_abc
Antwort:	331 Password required for web4_abc.
Befehl:	PASS *****
Antwort:	230 User web4_abc logged in.
Befehl:	FEAT
Antwort:	211-Features:
Antwort:	211-MDTM
Antwort:	211-REST STREAM
Antwort:	211-SIZE
Antwort:	211 End
Befehl:	SYST
Antwort:	215 UNIX Type: L8
Status:	Verbindung hergestellt
Status:	Verzeichnisinhalt wird abgeholt...
Befehl:	PWD
Antwort:	257 "/" is current directory.
Befehl:	PORT 192,168,1,4,14,24
This last red line I don't understand.

Last edited by tom; 11th May 2006 at 22:07.
#2
11th May 2006, 22:26
gabriele

It would be better to know what Linux you have and what ftpd you use; anyway, these are my iptables rules:
# FTP
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d $GATEWAY --dport 21 -j DNAT --to $FTP:21
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d $GATEWAY --dport 20 -j DNAT --to $FTP:20

If you have a default DROP also:
/sbin/iptables -A FORWARD -i eth0 -p tcp -d $FTP -m multiport --dports 20,21 -j ACCEPT

... and if you use passive ftp and ... if ... you have proftpd, go to proftpd.conf and assign passive ftp ports: PassivePorts (I say best) 60000:65535, and in iptables.
Ciao!
#3
11th May 2006, 23:01
tom

Quote:
Originally Posted by gabriele
It would be better to know what Linux you have and what ftpd you use; anyway, these are my iptables rules:
# FTP
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d $GATEWAY --dport 21 -j DNAT --to $FTP:21
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d $GATEWAY --dport 20 -j DNAT --to $FTP:20

If you have a default DROP also:
/sbin/iptables -A FORWARD -i eth0 -p tcp -d $FTP -m multiport --dports 20,21 -j ACCEPT

... and if you use passive ftp and ... if ... you have proftpd, go to proftpd.conf and assign passive ftp ports: PassivePorts (I say best) 60000:65535, and in iptables.
Ciao!

I'm using Debian 3.1 and proftp.
Why do you use multiport?
#4
12th May 2006, 12:25
gabriele

It's an iptables function; you can target as many ports as you need. FTPD in particular needs an extra tcp port for data transfer (20) and, as I said above, if you do passive ftp, it can use any port from 30000 to 65535 (if I'm not wrong), so it becomes a bit difficult to configure in the firewall unless you don't declare it in the configuration as I said!
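The `PORT 192,168,1,4,14,24` line from the client log in post #1, decoded: an added shell example that is not part of the thread. In active mode (RFC 959) the six numbers are the IP address and port the client asks the server to open the data connection to; the function names and the `227` sample reply are constructed for illustration.

```shell
#!/bin/sh
# Decode the data-channel endpoint carried on the FTP control channel.
# Works for an active-mode "PORT h1,h2,h3,h4,p1,p2" command and for a
# passive-mode "227 ... (h1,h2,h3,h4,p1,p2)" reply: port = p1*256 + p2.
decode_ftp_endpoint() {
    local nums h1 h2 h3 h4 p1 p2 n
    # Extract the six comma-separated decimal fields (no leading zeros).
    nums=$(printf '%s\n' "$1" |
        grep -Eo '(0|[1-9][0-9]{0,2})(,(0|[1-9][0-9]{0,2})){5}' | head -n 1)
    [ -n "$nums" ] || return 1
    IFS=, read -r h1 h2 h3 h4 p1 p2 <<EOF
$nums
EOF
    # Every field is one octet, so anything above 255 is malformed.
    for n in "$h1" "$h2" "$h3" "$h4" "$p1" "$p2"; do
        [ "$n" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s:%s\n' "$h1" "$h2" "$h3" "$h4" "$(( p1 * 256 + p2 ))"
}

# True when the address is in an RFC 1918 private range.
is_rfc1918() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Print "IP:PORT private" or "IP:PORT public" for a control-channel line.
describe_ftp_endpoint() {
    local ep
    ep=$(decode_ftp_endpoint "$1") || { echo "no endpoint in: $1"; return 1; }
    if is_rfc1918 "${ep%:*}"; then
        echo "$ep private"
    else
        echo "$ep public"
    fi
}

# Line from the FileZilla log in post #1.
describe_ftp_endpoint 'PORT 192,168,1,4,14,24'
# Constructed passive-mode reply, using the server address from post #1.
describe_ftp_endpoint '227 Entering Passive Mode (10,0,1,1,234,96)'
```

A private address in either line is only reachable from the other end if that host has a route to the private network or a gateway on the path rewrites the advertised address.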