On Monday 03 May 2004 5:04 am, marquis@xxxxxxxxxxxxxx wrote:
> Hello
>
> I have installed an ftp server on 192.168.0.25 port 6666 mode PASV.
> I can connect myself from 192.168.1.36 with giving 192.168.0.25 as server
> IP. I cannot connect myself from 192.168.1.36 giving one of the FireWall
> IPs. Normal ! I must use prerouting utility to redirect packets.
> To do prerouting of anyone to my ftp server (192.168.0.25), I do this :
>
> $IPTABLES -A FORWARD -p tcp --dport 6666 -j ACCEPT
> $IPTABLES -A FORWARD -p tcp --dport 60100:60200 -j ACCEPT
>
> $IPTABLES -A PREROUTING -t nat -p tcp --dport 6666 -j DNAT
> --to-destination 192.168.0.25
> $IPTABLES -A PREROUTING -t nat -p tcp --dport 60100:60200 -j DNAT
> --to-destination 192.168.0.25
>
> but it doesn't work : I can even not connect to the ftp server !
>
> Could you help me ?
Perhaps the FTP server is not using a port in the range 60100-60200 for the
second channel connection?
Antony.
--
G- GIT/E d- s+:--(-) a+ C++++$ UL++++$ P+(---)>++ L+++(++++)$ !E W(-) N(-) o?
w-- O !M V+++(--) !PS !PE Y+ PGP+> t- tv@ b+++ DI++ D--- e++>+++ h++ r@? 5?
!X- !R K--?
Please reply to the list;
please don't CC me.
