Maybe use a rule with:

-m helper --helper ftp

It uses conntrack and conntrack_ftp.

On Sat, 28 Feb 2004 09:27:36 +0100
Gustav Petersson <gustav.petersson@xxxxxxxxxxxxxx> wrote:

> Like the subject line says.. how do I do it?
>
> I have port http traffic forwarded to the same server but when I use the
> same rule with only the port(s) changed for ftp traffic my ftp server
> opens the connection but immediately closes it again. I have tried
> running both the standard in.ftpd and proftpd. Any help would be greatly
> appreciated.
>
> Gustav Petersson
>
> I am running Debian 3.0 with kernel 2.4.24 and I have the following
> modules loaded:
>
> ipt_LOG
> ipt_state
> iptable_filter
> ip_nat_ftp
> ip_conntrack_ftp
> iptable_nat
> ip_conntrack
> ip_tables
>
> Here is my firewall config:
> #!/bin/sh
>
> EXT_IP=1.2.3.4
> INT_IP=192.168.x.x
>
> modprobe iptable_nat
> modprobe ip_conntrack_ftp
> modprobe ip_nat_ftp
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> iptables -P INPUT ACCEPT
> iptables -F INPUT
> iptables -P OUTPUT ACCEPT
> iptables -F OUTPUT
> iptables -P FORWARD ACCEPT
> iptables -F FORWARD
> iptables -t nat -F
>
> # NAT
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 213.88.181.68
>
> # Forward port 80 to internal server
> iptables -A PREROUTING -t nat -p tcp -d $EXT_IP --dport 80 \
> -j DNAT --to $INT_IP:80
>
> # Forward ports 20 and 21 to internal server
> iptables -A PREROUTING -t nat -p tcp -d $EXT_IP --dport 20 \
> -j DNAT --to $INT_IP:20
>
> iptables -A PREROUTING -t nat -p tcp -d $EXT_IP --dport 21 \
> -j DNAT --to $INT_IP:21
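The helper match suggested in the reply, placed in a complete rule set, as an added example that is not part of the thread. It assumes a default-DROP FORWARD policy (the posted script uses ACCEPT) and a constructed internal address; the `run` wrapper, `DRY_RUN` variable and `ftp_forward_rules` function are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed placeholders.
# DRY_RUN=1 (default) prints the rules for review; DRY_RUN=0 applies them (root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# ftp_forward_rules EXT_IP INT_IP
ftp_forward_rules() {
    ext_ip="$1"
    int_ip="$2"

    # The FTP helpers must be loaded before the control connection is opened,
    # otherwise PORT/PASV replies are neither tracked nor rewritten for NAT.
    run modprobe ip_conntrack_ftp
    run modprobe ip_nat_ftp

    # Only the control channel is forwarded explicitly. The data channel is
    # negotiated inside it and handled by the helper, so no rule for port 20.
    run iptables -t nat -A PREROUTING -p tcp -d "$ext_ip" --dport 21 \
        -j DNAT --to "$int_ip:21"

    # Assumption: restrictive forwarding policy instead of ACCEPT.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -p tcp -d "$int_ip" --dport 21 \
        -m state --state NEW -j ACCEPT
    run iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT

    # Accept RELATED connections only when the ftp helper created the
    # expectation, rather than accepting every RELATED packet.
    run iptables -A FORWARD -m state --state RELATED \
        -m helper --helper ftp -j ACCEPT
}

ftp_forward_rules 1.2.3.4 192.168.0.10
```

Run it as is to review the generated commands, then with `DRY_RUN=0` as root to apply them.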