--On Wednesday, November 05, 2003 16:40:05 -0700 "Han, Yan" <hany@xxxxxxxxxxxxxxxxxxxxx> wrote:

> We use a Linux server as a firewall and forward packets to different
> servers. In this case, we applied the iptables rules below to forward packets
> from $Fido to $AtlasFtp for FTP. We can log in to the ftp server, but are
> unable to do other things such as "ls"; neither does Windows GUI FTP work.
>
> Does anyone know why the FTP does not work? (We opened ports 20 and 21
> for FTP.) Is there something wrong with the ports?
>
> ############ FTP #########
> iptables -t nat -A PREROUTING -i eth0 --dst $Fido -p tcp --dport $FTP_Port -j DNAT --to $AtlasFtp
> # iptables -t nat -A PREROUTING -i eth0 --dst $Fido -p udp --dport $FTP_Port -j DNAT --to $AtlasFtp
>
> iptables -t nat -A POSTROUTING -p tcp --dst $AtlasFtp --dport $FTP_Port -j SNAT --to-source $Fido
> # iptables -t nat -A POSTROUTING -p tcp --dst $AtlasFtp --dport $FTP_Port -j SNAT --to-source $Fido
>
> iptables -t nat -A OUTPUT --dst $Fido -p tcp --dport $FTP_Port -j DNAT --to-destination $AtlasFtp
> # iptables -t nat -A OUTPUT --dst $Fido -p udp --dport $FTP_Port -j DNAT --to-destination $AtlasFtp
>
> Yan

You need to add a state RELATED rule to allow the data connection opened back
to the client, or use passive mode FTP.

Frank

--
Frank Smith                                     fsmith@xxxxxxxxxxx
Systems Administrator                           Voice: 512-374-4673
Hoover's Online                                   Fax: 512-374-4501
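The fix Frank describes, written out as an added example (not code from either poster): the FTP connection-tracking helper plus a RELATED,ESTABLISHED rule in the FORWARD chain, next to the original PREROUTING DNAT. The addresses are constructed placeholders, and the script only prints the commands unless APPLY=1 is set, so it can be reviewed on any host before being run as root on the firewall.

```sh
#!/bin/sh
# Added example: DNAT FTP to an internal server and let the data channel
# through by state, as suggested in the reply above.
Fido="${Fido:-203.0.113.10}"         # public address of the firewall (constructed)
AtlasFtp="${AtlasFtp:-192.168.1.20}"  # internal FTP server (constructed)
FTP_Port="${FTP_Port:-21}"
# Helper module names for 2.6+ kernels; 2.4 kernels (the era of this thread)
# used ip_conntrack_ftp and ip_nat_ftp instead.
CT_FTP="${CT_FTP:-nf_conntrack_ftp}"
NAT_FTP="${NAT_FTP:-nf_nat_ftp}"

# Execute the command when APPLY=1, otherwise print it for review.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

ftp_forward_rules() {
    # The conntrack helper reads PORT/PASV on the control channel (port 21)
    # so the resulting data connection (server port 20 in active mode, a high
    # port on the server in passive mode) is classified RELATED. The NAT
    # helper rewrites the addresses carried inside those commands, which is
    # needed because the server sits behind DNAT.
    run modprobe "$CT_FTP"
    run modprobe "$NAT_FTP"

    # Original intent: redirect FTP control connections for $Fido to $AtlasFtp.
    run iptables -t nat -A PREROUTING -i eth0 -d "$Fido" -p tcp \
        --dport "$FTP_Port" -j DNAT --to-destination "$AtlasFtp"

    # Control channel into the server (the part that already worked for login).
    run iptables -A FORWARD -d "$AtlasFtp" -p tcp --dport "$FTP_Port" \
        -m state --state NEW,ESTABLISHED -j ACCEPT

    # The missing piece: data connections in either direction are accepted
    # only because the helper has tagged them RELATED to the control session,
    # so port 20 does not need to be opened outright.
    run iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
}

ftp_forward_rules
```

Without the helper loaded, the data connection is seen as a NEW flow and is dropped, which matches the "login works, ls hangs" symptom in the question.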