Re: FTP through Firewall

Davis Sylvester wrote:
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state NEW -i eth4 -o eth5 -d 1.1.1.2 -p tcp --dport ftp -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -d 208.1.1.1 -p tcp --dport ftp -j DNAT --to 1.1.1.2

Shouldn't the PREROUTING rule's interface option (-i) match the one in the FORWARD rule?

You're doing DNAT for packets from eth1, but allowing packets to the ftp box that come from eth4.

Right now the packets are DROPped/REJECTed depending on your filter FORWARD policy.

HTH,
	Alex
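
An added example, not part of the message above or of either poster's ruleset: a small consistency check that flags a DNAT rule whose ingress interface (-i) is not accepted by any FORWARD rule for the translated destination, which is the mismatch pointed out above. The function names are hypothetical, and the parser assumes simple rules without "!" negation or address masks.

```python
import shlex

# Constructed sample: the three rules quoted in the message above.
RULES = [
    "iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "iptables -A FORWARD -m state --state NEW -i eth4 -o eth5 -d 1.1.1.2 -p tcp --dport ftp -j ACCEPT",
    "iptables -t nat -A PREROUTING -i eth1 -d 208.1.1.1 -p tcp --dport ftp -j DNAT --to 1.1.1.2",
]

# iptables options this check looks at, mapped to dict keys.
FLAGS = {"-t": "table", "-A": "chain", "-i": "in_if", "-d": "dst", "-p": "proto",
         "--dport": "dport", "--state": "state", "-j": "target",
         "--to": "to", "--to-destination": "to"}

def parse(rule):
    """Turn one iptables command line into a dict of the options above."""
    tokens = shlex.split(rule)
    parsed = {"table": "filter"}  # iptables defaults to the filter table
    for flag, value in zip(tokens, tokens[1:]):
        if flag in FLAGS:
            parsed[FLAGS[flag]] = value
    return parsed

def dnat_forward_mismatches(rules):
    """Return (dnat_in_if, forward_in_ifs, new_dst) for every DNAT rule whose
    ingress interface no FORWARD ACCEPT rule admits for the new destination."""
    parsed = [parse(r) for r in rules]
    # Only rules that can admit the first packet of a connection matter here.
    forwards = [r for r in parsed if r["table"] == "filter"
                and r.get("chain") == "FORWARD" and r.get("target") == "ACCEPT"
                and "NEW" in r.get("state", "NEW").split(",")]
    problems = []
    for d in parsed:
        if d.get("target") != "DNAT" or d.get("chain") != "PREROUTING":
            continue
        new_dst = d["to"].split(":")[0]  # drop an optional :port suffix
        # After DNAT the packet carries new_dst, so FORWARD must match on that.
        candidates = [f for f in forwards
                      if f.get("dst", new_dst) == new_dst
                      and f.get("proto", d.get("proto")) == d.get("proto")
                      and f.get("dport", d.get("dport")) == d.get("dport")]
        # A FORWARD rule without -i matches any ingress interface.
        if not any(f.get("in_if", d.get("in_if")) == d.get("in_if") for f in candidates):
            seen = sorted({f["in_if"] for f in candidates if "in_if" in f})
            problems.append((d.get("in_if"), seen, new_dst))
    return problems
```

On the quoted rules, dnat_forward_mismatches(RULES) reports the eth1/eth4 mismatch; it returns an empty list once both rules name the same interface.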

