ftp: masqued AND forwarded

Hi all,

I have spent several hours scouring the archives trying to find out how
to send external ftp requests to an internal server while at the same
time allowing clients behind the firewall to access external ftp
servers.  (Currently requests from internal clients to external ftp
servers time out.)

Any suggestions would be greatly appreciated!

Here are the rules that I have in place:

#Load Modules
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp

#Send ftp to an internal machine
$IPTABLES -A PREROUTING -t nat -i $EXTERNALIF -p tcp -d $MYADDR --dport 20 -j DNAT --to 192.168.2.5:20
$IPTABLES -A FORWARD -i $EXTERNALIF -p tcp -d 192.168.2.5 --dport 20 -j ACCEPT
$IPTABLES -A PREROUTING -t nat -i $EXTERNALIF -p tcp -d $MYADDR --dport 21 -j DNAT --to 192.168.2.5:21
$IPTABLES -A FORWARD -i $EXTERNALIF -p tcp -d 192.168.2.5 --dport 21 -j ACCEPT

#Masquerade internal connections going out.
$IPTABLES -A POSTROUTING -t nat -o $EXTERNALIF -j MASQUERADE


$MYADDR is the firewall external address
$EXTERNALIF is the external interface (eth0)
$INTERNALIF is the internal interface (eth1)

My apologies if this question has already been answered (probable) and ask
forgiveness for my lack of being able to find it.

Travis Crook
Visions Beyond
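
One stateful arrangement of the rules for the setup described in the message above, given as an added example that is not part of the original post. It assumes a default-DROP FORWARD policy and relies on the FTP conntrack helper to mark data connections RELATED; the function name `ftp_rules` and the address 203.0.113.10 are placeholders, and the script only prints the commands.

```shell
#!/bin/sh
# Added example (constructed, not from the original post).
# Prints the rule set instead of applying it; pipe the output to sh as
# root to apply. Assumes FORWARD is default-DROP and that the internal
# FTP server is 192.168.2.5 as in the post.

ftp_rules() {
    ext_if=$1; int_if=$2; my_addr=$3; server=$4
    ipt=${IPTABLES:-iptables}

    # Helpers named in the post: follow the FTP control channel and
    # rewrite the addresses carried in PORT/PASV across NAT.
    echo "modprobe ip_conntrack_ftp"
    echo "modprobe ip_nat_ftp"

    # Assumption: nothing is forwarded unless a rule below allows it.
    echo "$ipt -P FORWARD DROP"

    # Reply packets, plus FTP data connections that the helper has
    # marked RELATED to a tracked control connection, in both directions.
    echo "$ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # Inbound: only the control connection is redirected and accepted as NEW.
    echo "$ipt -t nat -A PREROUTING -i $ext_if -p tcp -d $my_addr --dport 21 -j DNAT --to-destination $server:21"
    echo "$ipt -A FORWARD -i $ext_if -o $int_if -p tcp -d $server --dport 21 -m state --state NEW -j ACCEPT"

    # Outbound: internal clients may open new connections, masqueraded.
    echo "$ipt -A FORWARD -i $int_if -o $ext_if -m state --state NEW -j ACCEPT"
    echo "$ipt -t nat -A POSTROUTING -o $ext_if -j MASQUERADE"
}

# 203.0.113.10 is a documentation placeholder for $MYADDR.
ftp_rules eth0 eth1 203.0.113.10 192.168.2.5
```

Review the printed commands before applying them; with this layout no rule names the data port, because the data channel is admitted only through the RELATED state.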

