For this to work you would need to load ip_nat_ftp and ip_conntrack_ftp with
the parm ports=21,113, otherwise the connection tracker and the NAT will only
watch port 21.

Alistair Tonner
nerdnet.ca
Senior Systems Analyst - RSS

Any sufficiently advanced technology will have the appearance of magic.
Let's get magical!

On March 9, 2003 05:53 am, Frederic SOSSON wrote:
> Hi all,
>
> I'm just a newbie in iptables ;) My problem is, I have a Linux box
> routing my DSL connection, I set these rules:
>
> iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
> iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> iptables -A FORWARD -j LOG --log-prefix "Firewall: "
>
> == Great, I have access to the NET! ==
>
> I have also a machine (192.168.0.50) in my local network running an FTP
> client, this one running an identd daemon (port 113) to access an FTP
> server on the internet, I have added this rule
>
> iptables -t nat -A PREROUTING -p tcp --dport 113 -i ppp0 -j DNAT --to 192.168.0.50:113
>
> But my FTP client tells me:
>
> [11:51:58] PORT 192,168,0,50,13,161
> [11:51:58] 200 PORT command successful.
> [11:51:58] LIST
> [11:52:02] 425 Can't build data connection: No route to host.
>
> Any help would be appreciated ;)
>
>
>
> Frederic
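
An added example, not part of either message: it decodes the PORT line from the quoted client log, flags it when the advertised data-channel address is an RFC 1918 address the remote server cannot route to, and shows the same command with the address field rewritten as an FTP NAT helper would. The function names and the public address 203.0.113.10 (a documentation range) are assumptions made for illustration.

```python
import ipaddress
import re

# Argument of an active-mode FTP PORT command: h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(r"\bPORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Client log lines as quoted in the message above
SAMPLE = [
    "[11:51:58] PORT 192,168,0,50,13,161",
    "[11:51:58] 200 PORT command successful.",
    "[11:51:58] LIST",
    "[11:52:02] 425 Can't build data connection: No route to host.",
]

def decode_port(line):
    """Return (IPv4Address, port) advertised by a PORT command, else None."""
    m = PORT_RE.search(line)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return ip, fields[4] * 256 + fields[5]  # port = p1*256 + p2

def audit(lines):
    """List (ip, port) pairs where the client advertises a private address."""
    findings = []
    for line in lines:
        decoded = decode_port(line)
        if decoded and any(decoded[0] in net for net in RFC1918):
            findings.append((str(decoded[0]), decoded[1]))
    return findings

def rewrite_port(line, public_ip, public_port):
    """Rewrite the PORT argument to a routable address (what a NAT helper does)."""
    if not 0 <= public_port <= 65535:
        raise ValueError("port out of range")
    host = str(ipaddress.IPv4Address(public_ip)).split(".")
    arg = ",".join(host + [str(public_port >> 8), str(public_port & 0xFF)])
    return PORT_RE.sub("PORT " + arg, line, count=1)

if __name__ == "__main__":
    for ip, port in audit(SAMPLE):
        print(f"private address in PORT: {ip}:{port}")
    # 203.0.113.10 is a constructed stand-in for the router's ppp0 address
    print(rewrite_port(SAMPLE[0], "203.0.113.10", 3489))
```
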