FTP: masqued AND forwarded

Hi all,
     I am new to the list.  I have spent several hours scouring the
archives trying to find out how to send external FTP requests to an
internal server while at the same time allowing clients behind the
firewall to access external FTP servers.  (Currently, requests from
internal clients to external FTP servers time out.)

Any suggestions would be greatly appreciated!

Here are the rules that I have in place:

#Load Modules
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp

#Send ftp to an internal machine
$IPTABLES -A PREROUTING -t nat -i $EXTERNALIF -p tcp -d $MYADDR --dport 20 -j DNAT --to 192.168.2.5:20
$IPTABLES -A FORWARD -i $EXTERNALIF -p tcp -d 192.168.2.5 --dport 20 -j ACCEPT
$IPTABLES -A PREROUTING -t nat -i $EXTERNALIF -p tcp -d $MYADDR --dport 21 -j DNAT --to 192.168.2.5:21
$IPTABLES -A FORWARD -i $EXTERNALIF -p tcp -d 192.168.2.5 --dport 21 -j ACCEPT

#Masquerade internal connections going out.
$IPTABLES -A POSTROUTING -t nat -o $EXTERNALIF -j MASQUERADE


$MYADDR is the firewall external address
$EXTERNALIF is the external interface (eth0)
$INTERNALIF is the internal interface (eth1)



Travis Crook
Visions Beyond


