Hi all, I have a problem with an FTP server behind a NAT. I need to run the FTP server on a port other than 21. This is the situation:
Router | Firewall | Ftpserver
I use these modules and pass these parameters:
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp ports=21,9000
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp ports=21,9000
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ipt_state
The relevant iptables rules are only these:
$IPTABLES -t nat -A PREROUTING -p tcp -d $EXT_LAN_FW --dport 9000 -j DNAT --to-destination $IP_FTPSERVER:9000
$IPTABLES -A FORWARD -i $EXT_IF -p tcp --dport 9000 -j ACCEPT -d $IP_FTPSERVER
Unfortunately it doesn't work!
VERY IMPORTANT:
- Everything works fine if the port is 21!!
- When I try to connect with my FTP client (with port 9000), at a certain point I try to send packets to the local IP of the firewall ($EXT_LAN_FW).....
Other questions:
- In the source code of ip_conntrack_ftp there is a variable "MAX_PORTS", but I don't understand what it means...
- What is "Patch-O-Matic"?
Thanks a lot in advance!
iansolo
PS: excuse me, my English is poor