On Tuesday 19 November 2002 01:00 pm, Hélio Dubeux wrote:
> I have a Linux box acting as a gateway with iptables, I had already enabled the
> ftp and irc conntrack modules, NAT is configured too. I have a Windows 98
> connected to this gateway and I have about 5 machines connected by a HUB to
> this W98 machine sharing the internet connection. I try to use a program
> called CuteFTP to access remote ftp sites and I can not download or upload
> files. What's wrong? Do I have to enable some other module in my kernel???
> I set transfer module in DOS to binary and it didn't work as well.

Make sure you are allowing ESTABLISHED/RELATED state packets through the
filter FORWARD chain, to allow for additional ports (i.e. data instead of
control) being opened during/by the FTP session. Something like:

/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

should do the trick. You can specify -i or -o if that is useful in your
set-up, but make sure you allow both directions in the end.

BTW, is there any particular reason you don't have the gateway right on the
hub? It can handle the connection sharing better than Win98, and you're
already performing NAT in it, it seems redundant (at best) to then perform
NAT again in the Win98 machine. This would also eliminate the requirement
that the Win98 machine always be up for the other machines to connect. Also,
if you already have the above state matches enabled, it is possible that the
double-NAT is causing the Win98 connection sharing to bungle the NAT of
RELATED connections. (if it even handles them correctly to begin with, I
don't know...)

j
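
The following is an added example, not part of the original message: a toy Python model of how a connection tracker with an FTP helper classifies the data connection as RELATED, and what a FORWARD chain with policy DROP does with it depending on the accepted states. The class and function names, addresses and ports are constructed for illustration, and NAT rewriting and interface direction are not modelled.

```python
import re

# "PORT h1,h2,h3,h4,p1,p2" (active) and "227 ... (h1,h2,h3,h4,p1,p2)" (passive)
# announce the data endpoint on the control channel; port = p1*256 + p2.
ADDR = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

class Conntrack:
    """Toy model of connection tracking plus an FTP helper (not kernel code)."""
    def __init__(self):
        self.flows = set()      # flows already accepted, keyed by both endpoints
        self.expected = set()   # (ip, port) data endpoints learned from control lines

    def inspect_control(self, line):
        """Helper step: record the endpoint named in a PORT command or 227 reply."""
        m = ADDR.search(line) if line.startswith(("PORT ", "227 ")) else None
        if m:
            n = [int(x) for x in m.groups()]
            self.expected.add((".".join(map(str, n[:4])), n[4] * 256 + n[5]))

    def state(self, pkt):
        src, sport, dst, dport = pkt
        if frozenset({(src, sport), (dst, dport)}) in self.flows:
            return "ESTABLISHED"
        return "RELATED" if (dst, dport) in self.expected else "NEW"

def forward(ct, pkt, accept_states, new_ports=(21,)):
    """FORWARD with policy DROP: accept listed states, and NEW only to new_ports."""
    st = ct.state(pkt)
    ok = st in accept_states or (st == "NEW" and pkt[3] in new_ports)
    if ok:
        ct.flows.add(frozenset({(pkt[0], pkt[1]), (pkt[2], pkt[3])}))
    return st, ok

def active_ftp_session(accept_states):
    """Constructed active-mode session: LAN client 192.168.0.10, server 203.0.113.5."""
    ct = Conntrack()
    client, server = "192.168.0.10", "203.0.113.5"
    results = [forward(ct, (client, 40000, server, 21), accept_states)]      # control SYN
    results.append(forward(ct, (server, 21, client, 40000), accept_states))  # control reply
    ct.inspect_control("PORT 192,168,0,10,19,137")  # client listens on 19*256+137 = 5001
    results.append(forward(ct, (server, 20, client, 5001), accept_states))   # data connection
    return results

if __name__ == "__main__":
    for states in ({"ESTABLISHED"}, {"ESTABLISHED", "RELATED"}):
        print(sorted(states), active_ftp_session(states))
```

With only ESTABLISHED accepted, the control channel works but the data connection is dropped, which matches the symptom of logging in but being unable to transfer files.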