FTP trouble at the iptables firewall of the Redhat Linux.

> My gateway (firewall) is Redhat Linux 7.1 and I can only get 1 dynamic IP
> from my provider.
> So I created IP masquerading using iptables for my home LAN.
> 
> My target is "creating an FTP server on one of my home-LAN machines (Redhat
> 7.2)", but now
> I found it can be run as an FTP client but can't be run as an FTP server
> because of a data connection error.
> 
> I know the FTP protocol needs 2 connections (control connection & data
> connection), so I loaded these
> modules on my firewall Linux box:
> ----------------------------------------------------------
> Module                  Size  Used by
> ip_nat_irc              4320   0  (unused)
> ip_nat_ftp              3760   0  (unused)
> ip_conntrack_irc        3040   0  (unused)
> ip_conntrack_ftp        2480   0  (unused)
> ipt_MASQUERADE          1712   1  (autoclean)
> ipt_state               1200   3  (autoclean)
> iptable_nat            16160   2  (autoclean) [ip_nat_irc ip_nat_ftp ipt_MASQUERADE]
> ip_conntrack           15824   4  (autoclean) [ip_nat_irc ip_nat_ftp ip_conntrack_irc ip_conntrack_ftp ipt_MASQUERADE ipt_state iptable_nat]
> iptable_filter          2304   0  (autoclean) (unused)
> ip_tables              11072   6  [ipt_MASQUERADE ipt_state iptable_nat iptable_filter]
> ---------------------------------------------------------
> 
> and let me attach my firewall settings here:
> #-------------------------------
> # default INPUT/FORWARD policy
> #-------------------------------
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> #---------------------
> # clear the chains
> #---------------------
> iptables -F
> iptables -F -t nat
> iptables -X
> iptables -X -t nat
> #---------------------
> # make rules & chains
> #---------------------
> # Define the default INPUT/FORWARD rule.
> iptables -N default
> iptables -A default -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A default -m state --state NEW -i eth0 -j ACCEPT
> iptables -A default -m state --state NEW -i ! eth0 -j ACCEPT
> iptables -A default -j DROP
> # Use the default rule in the INPUT/FORWARD chains.
> iptables -A INPUT -j default
> iptables -A FORWARD -j default
> 
> # Define the pass chain and insert it into FORWARD.
> # Port-forward (DNAT) public port 10023 -> internal telnet, 10021 -> internal ftp.
> # - telnet -
> iptables -t nat -A PREROUTING -i eth0 -d 219.105.XXX.XXX -p tcp --dport 10023 \
>   -j DNAT --to 192.168.0.128:23
> # - ftp -
> iptables -t nat -A PREROUTING -i eth0 -d 219.105.XXX.XXX -p tcp --dport 10021 \
>   -j DNAT --to 192.168.0.128:21
> iptables -N pass
> iptables -A pass -d 192.168.0.128 -p tcp --dport 23 -j ACCEPT
> iptables -A pass -d 192.168.0.128 -p tcp --dport 21 -j ACCEPT
> iptables -I FORWARD 1 -j pass
> 
> # Use IP masquerading in the POSTROUTING chain.
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> 
> 
> 
> Now I want to know the reason why I can't make the FTP data connection
> to the home-LAN FTP server. or...... maybe it is an impossible mission???
> 
> Rai
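The data-connection failure in the post above is exactly the job of the ip_conntrack_ftp / ip_nat_ftp helpers, and on 2.4 kernels those helpers only attach to a control connection whose original destination port is in their `ports` module parameter (default 21). The original tuple of a DNATed connection still carries the public port, 10021, so with the default parameter the helper never reads the PORT/PASV traffic and the data connection is neither expected nor translated; both modules accept `ports=21,10021` at load time. The Python model below is an added example, not code from the post or from netfilter: it shows what the helper does once attached, parsing a client PORT command and a server 227 reply, registering the RELATED data connection, refusing a PORT address that is not the control-connection peer (the FTP bounce check), and rewriting the server's private address in the passive reply so an Internet client connects to the gateway. The public address 203.0.113.5 stands in for the masked 219.105.XXX.XXX, and the passive port and client address are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Addresses taken from the post; the masked public address 219.105.XXX.XXX is
# replaced by an RFC 5737 documentation address (assumption, not the real IP).
PUBLIC_IP = "203.0.113.5"
SERVER_IP = "192.168.0.128"
DNAT_CTRL_PORT = 10021        # public port the post DNATs to 192.168.0.128:21


def helper_attaches(orig_dst_port: int, helper_ports: Tuple[int, ...] = (21,)) -> bool:
    """ip_conntrack_ftp binds to a control connection by its ORIGINAL destination
    port (the 'ports' module parameter, default 21). After DNAT the original
    tuple still says 10021, so with the default parameter nothing is tracked."""
    return orig_dst_port in helper_ports


@dataclass(frozen=True)
class Expectation:
    """A RELATED data connection the helper tells conntrack to expect."""
    src: Optional[str]             # None: any source (passive mode)
    dst: str                       # destination as seen on the wire
    dst_port: int
    nat_to: Optional[str] = None   # address the NAT helper will DNAT it to


PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def _decode(groups) -> Tuple[str, int]:
    """h1,h2,h3,h4,p1,p2 -> ("h1.h2.h3.h4", p1*256+p2), rejecting bad values."""
    h = list(map(int, groups))
    if any(not 0 <= x <= 255 for x in h[:4]):
        raise ValueError("bad address octet")
    port = h[4] * 256 + h[5]
    if not 0 < port < 65536:
        raise ValueError("bad port")
    return ".".join(map(str, h[:4])), port


def _encode(ip: str, port: int) -> str:
    """Inverse of _decode, used to rewrite the 227 reply."""
    return ",".join(ip.split(".") + [str(port // 256), str(port % 256)])


def expect_active(cmd: str, client_ip: str) -> Optional[Expectation]:
    """Client sent PORT h1,h2,h3,h4,p1,p2: the server will connect back to it.
    Like the kernel helper, refuse an address other than the control-connection
    peer; that is what stops FTP bounce attacks through the gateway."""
    m = PORT_RE.match(cmd)
    if not m:
        return None
    ip, port = _decode(m.groups())
    if ip != client_ip:
        raise ValueError("PORT address %s is not the control peer %s" % (ip, client_ip))
    return Expectation(src=SERVER_IP, dst=ip, dst_port=port)


def expect_passive(reply: str, ctrl_port: int,
                   helper_ports: Tuple[int, ...] = (21,)) -> Tuple[Optional[Expectation], str]:
    """Server answered 227 with its private address. If the helper is attached,
    ip_nat_ftp rewrites that address to the public one and registers an
    expectation that DNATs the incoming data connection to the server.
    Returns (expectation or None, the reply as it leaves the gateway)."""
    if not helper_attaches(ctrl_port, helper_ports):
        return None, reply            # control channel untracked: reply passes unchanged
    m = PASV_RE.match(reply)
    if not m:
        return None, reply
    ip, port = _decode(m.groups())
    if ip != SERVER_IP:
        raise ValueError("227 advertises %s, not the server %s" % (ip, SERVER_IP))
    exp = Expectation(src=None, dst=PUBLIC_IP, dst_port=port, nat_to=SERVER_IP)
    return exp, reply.replace(_encode(ip, port), _encode(PUBLIC_IP, port))


if __name__ == "__main__":
    # Constructed passive reply from the internal server (port 200*256+11 = 51211).
    reply = "227 Entering Passive Mode (192,168,0,128,200,11)\r\n"
    for ports in ((21,), (21, DNAT_CTRL_PORT)):
        exp, wire = expect_passive(reply, DNAT_CTRL_PORT, ports)
        print("ports=%s -> %s | %s" % (",".join(map(str, ports)), exp, wire.strip()))
```

Run it and the first line shows the default `ports=21` case from the post: no expectation, and the client on the Internet is told to connect to 192.168.0.128, which it cannot reach. The second line shows what `ports=21,10021` changes: the reply now advertises the gateway's public address and a RELATED expectation DNATs the data connection to 192.168.0.128, where the `ESTABLISHED,RELATED` rule in the `default` chain lets it through.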
