Hey all,

I've been fighting with this problem for over a week, and I've made no headway. I have a server with a bank of serial ports, all attached to modems. We use scripts to raise and drop lines to various customer sites that we support. In the past, we've had great success using iptables to handle forwarding and NAT of LAN traffic going out over the wire to the customer's servers. My latest server, however, doesn't handle FTP, PCAnywhere or RDP at all, using the same iptables commands as the older servers. It has a slightly newer (v1.2.6a vs. 1.2.5) version of iptables, but otherwise isn't much different.

Telnet and ICMP work fine, but PCA and RDP never connect. You can connect to a server using FTP, and browse in Active or Passive mode without any problems. As soon as you try to transfer a file, however, the transfer hangs immediately, regardless of whether you use Active or Passive. I've pared my iptables script down to the bare minimum that gets me to this state after a full reboot, and here it is:
    # Load the FTP connection-tracking and NAT helpers so the FTP data
    # connection is matched as RELATED and its addresses get rewritten.
    modprobe ip_conntrack_ftp
    modprobe ip_nat_ftp

    # Default-deny forwarding, then start from an empty FORWARD chain.
    iptables -P FORWARD DROP
    iptables -F FORWARD

    # Reset the nat table's POSTROUTING chain.
    iptables -t nat -P POSTROUTING ACCEPT
    iptables -t nat -F POSTROUTING

    # Masquerade everything leaving over any PPP (modem) link.
    iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE

    # Allow LAN -> modem traffic out, and only replies (or helper-related
    # connections such as FTP data) back in.
    iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
    iptables -A FORWARD -i ppp+ -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
Distro is Debian 3.0r2, kernel is 2.4.26. All non-experimental netfilter kernel options are compiled as modules; except for ip_conntrack_ftp and ip_nat_ftp, I just let the others autoload as I issue the iptables statements above. Can anyone shed any light on why this is happening? The same iptables ruleset works fine on my other servers, and I'm stumped!

Derek V.