On Thursday 20 November 2003 12:11 am, Francisco André Barbosa Neto wrote:

> Hi all, I've installed Slackware 9.1 in 2 different pc's, in 2 different
> clients. These machines are doing nat to all the internal network. I'm
> running only a single rule described below, but when any of the client
> machines try to connect to any ftp site, the connection was ok but when the
> user gives an ls command the server respond 500 ilegal command.
>
> iptables -F
> iptables -t nat -F
>
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0.0.0.0/0 -j SNAT --to
> 200.X.X.X

I would recommend that you specify the interface which packets are supposed to
leave from in the above rule, just to make sure it applies only to traffic
going out of your external interface:

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -d 0.0.0.0/0 -j SNAT --to 200.X.X.X

(assuming eth0 is the external interface, with the 200.x.x.x address on it - if
not, insert the appropriate interface name instead).

However, to get back to your question regarding why FTP isn't doing what you
want, have you compiled support and/or loaded modules for FTP NAT and
Connection Tracking?

Antony.

--
In science, one tries to tell people in such a way as to be understood by
everyone something that no-one ever knew before. In poetry, it is the exact
opposite.

 - Paul Dirac

Please reply to the list; please don't CC me.
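
One way to answer the question about the FTP helper modules on the NAT box, as an added example that is not part of the original mail. The module names (ip_conntrack_ftp and ip_nat_ftp on 2.4-era kernels, nf_conntrack_ftp and nf_nat_ftp on later ones) and the sample module listing are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example: report which FTP NAT helper modules are not loaded.
# Module names are an assumption (not from the original mail):
#   2.4-era kernels: ip_conntrack_ftp, ip_nat_ftp
#   later kernels:   nf_conntrack_ftp, nf_nat_ftp
# A helper compiled into the kernel (not as a module) never appears in
# /proc/modules, so "missing" here only means "not loaded as a module".

# module_loaded FILE NAME: succeeds if NAME is the first field of a line.
module_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# missing_ftp_helpers [FILE]: prints one role per line (conntrack, nat)
# for each helper that has neither its old nor its new module name loaded.
# FILE defaults to /proc/modules on the running system.
missing_ftp_helpers() {
    modfile="${1:-/proc/modules}"
    for role in conntrack nat; do
        if ! module_loaded "$modfile" "ip_${role}_ftp" &&
           ! module_loaded "$modfile" "nf_${role}_ftp"; then
            echo "$role"
        fi
    done
}

# Constructed sample in /proc/modules format (2.4 style): the FTP
# connection-tracking helper is loaded, the FTP NAT helper is not.
sample_modules() {
    cat <<'EOF'
ip_conntrack_ftp        3888   0 (unused)
iptable_nat            16366   1
ip_conntrack           20232   2 [ip_conntrack_ftp iptable_nat]
ip_tables              11776   3 [iptable_nat]
EOF
}

# On a 2.4 kernel a missing helper would be loaded with, for example:
#   modprobe ip_conntrack_ftp
#   modprobe ip_nat_ftp
```

Calling `missing_ftp_helpers` with no argument checks the running kernel's module list; empty output means both helpers are loaded as modules.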