Re: DNAT rule for vsftp --(PASSIVE FTP)


On 10/5/07, John R Pierce <pierce@xxxxxxxxxxxx> wrote:
Indunil Jayasooriya wrote:
>
> Hi all,
>
> I want to run vsftp behind a firewall (i.e. DMZ zone). It is running as
> passive FTP.
>
> The theory behind passive FTP is,
>

Except, passive vs active is the choice of the CLIENT, not the server.  The
only way to properly handle both modes is to parse the FTP commands on
the control port (21) and set up/tear down port forwards on dynamic ports
as needed.

If you use the ip_nat_ftp module, this is all taken care of
automatically and both transfer modes should work; you'll simply need to
forward the control port.

Thanks. That means the 2 rules below will be enough.

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 1.2.3.4 --dport 21 -j DNAT --to-destination 192.168.100.3:21

iptables -A FORWARD -p tcp -d 192.168.100.3 --dport 21 -m state --state NEW -j ACCEPT

Am I right?




 

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



--
Thank you
Indunil Jayasooriya
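The full rule set the two messages above describe, written out as an added example for this archive page (it is not code posted in the thread). It assumes the addresses from the question (public 1.2.3.4 on eth0, DMZ host 192.168.100.3) and the current helper module names nf_conntrack_ftp / nf_nat_ftp (ip_conntrack_ftp / ip_nat_ftp on the 2.6.18-era CentOS kernel the thread was written against). It runs as a dry run that prints the commands; set IPT=iptables and MODPROBE=modprobe as root to apply them.

```sh
#!/bin/sh
# Added example (not from the thread): publishing an FTP server in a DMZ
# through a Linux NAT box so that both passive and active transfers work.
# Assumed values: WAN interface eth0, public address 1.2.3.4, DMZ host
# 192.168.100.3. Dry run by default; set IPT=iptables MODPROBE=modprobe
# (as root) to apply.
IPT="${IPT:-echo iptables}"
MODPROBE="${MODPROBE:-echo modprobe}"

ftp_dnat_rules() {
    wan_if="$1"; pub_ip="$2"; srv_ip="$3"

    # nf_conntrack_ftp parses PORT/PASV/EPRT/EPSV on the control stream and
    # registers the expected data connection; nf_nat_ftp rewrites the
    # address inside the command/reply and NATs that connection.
    $MODPROBE nf_conntrack_ftp nf_nat_ftp

    # Only the control port needs an explicit DNAT.
    $IPT -t nat -A PREROUTING -i "$wan_if" -p tcp -d "$pub_ip" --dport 21 \
        -j DNAT --to-destination "$srv_ip:21"

    # Attach the helper explicitly. Since Linux 4.7 automatic helper
    # assignment is off by default (net.netfilter.nf_conntrack_helper=0),
    # so without this rule nothing parses PASV/PORT and the data connection
    # never becomes RELATED. The raw table runs before nat, so the match is
    # still on the public address. On old kernels -j CT does not exist and
    # the helper attaches on its own; drop this rule there.
    $IPT -t raw -A PREROUTING -i "$wan_if" -p tcp -d "$pub_ip" --dport 21 \
        -j CT --helper ftp

    # Control connection through FORWARD (the rule from the thread).
    $IPT -A FORWARD -i "$wan_if" -p tcp -d "$srv_ip" --dport 21 \
        -m conntrack --ctstate NEW -j ACCEPT

    # Data connections in either direction (client -> server high port for
    # PASV, server:20 -> client for PORT) arrive as RELATED; their NAT
    # mapping is derived from the control connection by nf_nat_ftp. Without
    # this rule the DNAT on port 21 alone is not enough.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Usual outbound SNAT for the DMZ host, so connections it opens itself
    # (active-mode data connections from port 20 included) leave with the
    # public address.
    $IPT -t nat -A POSTROUTING -o "$wan_if" -s "$srv_ip" \
        -j SNAT --to-source "$pub_ip"
}

ftp_dnat_rules eth0 1.2.3.4 192.168.100.3
```

To check that the helper is actually doing its job, open a control connection and look at `conntrack -L` for the port-21 entry carrying `helper=ftp`, then issue PASV and watch `conntrack -L expect` for the expectation on the advertised port. Two caveats a practitioner will hit: the helper can only parse what it can see, so with FTP over TLS (vsftpd `ssl_enable=YES`) the commands are encrypted and you are back to fixing `pasv_address`, `pasv_min_port`/`pasv_max_port` in vsftpd.conf and forwarding that port range statically; and on kernels before the `CT` target existed, helper auto-assignment was on, which is why the 2007 answer could say "it is all taken care of automatically".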
