Well, I've played with this for a week, and I can't be sure that it isn't the routers/switches in between, but the configuration (using Linux 2.6 and iptables 1.2.9) is:

    MS Windows Client                    Linux "Forwarder"
    172.16.16.39/22                      172.16.16.8/22
    Default Route: 172.16.16.8  ------>  Default Route: 172.16.16.20
            ^                                    ^
            |                                    |
            |                                    |
            ___________________________________
                             |
                             |
                CISCO Catalyst 172.16.16.200
                             |
                        ASN1 Router
                             |
                        ASN1 Router
                             |
                CISCO Catalyst 172.16.8.200
                             |
                             |
                     ________________
                             |
                             |
                             v
            Linux FTP Proxy (incoming port 2370)
            Internal Interface: 172.16.11.237/22
            External Interface: Internet

I've changed the MS Windows Client to use the Linux Forwarder as the default route (subnet 16).

I've added a rule to the Linux FTP Proxy to autoforward packets to the FTP Proxy listening on port 2370 via:

    iptables -t nat -A PREROUTING -p tcp -s 172.16.0.0/16 --dport 21 -j DNAT --to 172.16.11.237:2370

If I FTP from 172.16.16.8 to 172.16.11.237 I am redirected to the 2370 on 237.

If I FTP from 172.16.16.36 to any outside host, the incoming packets are detected by tcpdump.

But none of the rulesets I've tried on 172.16.16.8 or 172.16.11.237 seem to allow me to redirect FTP traffic through 172.16.16.8 and 172.16.11.237.

Do I need to make 172.16.11.237 the default route or can I do this with iptables alone?

Thanks in advance.

Sean McLinden
Allegheny County Health Department