All,

I sent the message below yesterday, but got no answers. I am sure it did not get there; if it did, sorry for the repost.

The question is, can I have an internal FTP server? The firewall would have to FORWARD the connections to port 21, and then ip_conntrack_ftp would have to allow the rest of the communication in... Does this work?

For more information, please read the message below... Is there anybody using it?

Best regards,
Erick

> -----Original Message-----
> From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Erick Sanz
> Sent: Monday, June 07, 2004 12:30 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: ip_conntrack_ftp and port forwarding
>
> All,
>
> I have a firewall at home protecting a web server (personal
> stuff); I would like to add ftp capabilities in order to upload
> files from work, so I can work home.
>
> ASCII diagram:
>
> DSL -- Firewall -- Web server / FTP server
>
> My current rules to allow http are (no other rules included):
>
> iptables -t nat -A PREROUTING -p tcp -d 172.16.1.34 --dport 80 -j DNAT \
>     --to 192.168.0.20
> iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
>
> iptables -A FORWARD -i eth0 -p tcp -d 192.168.0.20 --dport 80 -m state \
>     --state NEW,ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i eth1 -p tcp -s 192.168.0.20 --source-port 80 -j \
>     ACCEPT
>
> I know I need to use ip_conntrack_ftp; however I am not sure if
> it allows port forwarding...
>
> Really basic question, but I was wondering what everybody
> is doing...
>
> Best regards,
> Erick
>
> This email message has been scanned for viruses.
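An added illustration, not part of the original post and not netfilter code: the Python below models in user space what an FTP connection-tracking helper does on the forwarded control connection in this setup. It parses the server's 227 reply, records the announced data port so that only that connection counts as RELATED, and rewrites the internal address to the public one. The function names and the sample reply are constructed; the two addresses are the ones in the rules above.

```python
import re

PUBLIC_IP = "172.16.1.34"    # address outside clients connect to (from the post)
SERVER_IP = "192.168.0.20"   # internal FTP server behind the DNAT (from the post)

# h1,h2,h3,h4,p1,p2 tuple carried by PORT commands and 227 (PASV) replies
_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_endpoint(line):
    """Return (ip, port) announced in a PORT command or 227 reply, else None."""
    if not (line.startswith("227 ") or line.upper().startswith("PORT ")):
        return None
    m = _TUPLE.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed tuple: never create an expectation from it
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def track_server_reply(line, expectations):
    """Handle one server-to-client control line.

    Adds the announced data endpoint to `expectations` (the set that decides
    what is RELATED) and returns the line with the internal address replaced
    by the public one, as the outside client must see it.
    """
    ep = parse_endpoint(line)
    if ep is None or not line.startswith("227 "):
        return line
    ip, port = ep
    if ip != SERVER_IP:
        return line  # reply points at another host: open nothing for it
    expectations.add((SERVER_IP, port))
    p1, p2 = divmod(port, 256)
    public_tuple = PUBLIC_IP.replace(".", ",") + f",{p1},{p2}"
    return _TUPLE.sub(public_tuple, line, count=1)


def is_related(dst_ip, dst_port, expectations):
    """A new forwarded connection is RELATED only if it was announced."""
    return (dst_ip, dst_port) in expectations
```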