Hi,
I'm having a problem accessing Internet FTP servers from my internal network. I understand the FTP connection, but I
don't have enough information about the ip_conntrack_ftp and ip_nat_ftp modules, so here is my situation.
I'm using iptables 1.3.3-3; I have the mentioned modules loaded and wrote the following rules:
# $INT_IF, $INET_IF, $INT_NET and $INET_NIC (internal interface, Internet interface, internal network, public SNAT address) are set elsewhere in the script.
_fwd="iptables -A FORWARD"
_nat="iptables -t nat -A POSTROUTING"   # POSTROUTING is a chain of the nat table, so -t nat is required
# Control connection: internal client -> FTP server port 21
$_fwd -i $INT_IF -p tcp -s $INT_NET --sport 1024: -o $INET_IF --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Replies on the control connection
$_fwd -i $INET_IF -p tcp --sport 21 -o $INT_IF -d $INT_NET --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
# Source NAT for the control connection
$_nat -p tcp -s $INT_NET --sport 1024: -o $INET_IF --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j SNAT --to-source $INET_NIC
Are those rules enough, or do I need to set some rules for port 20 in both active and passive mode?
What is the functionality of the ip_conntrack_ftp and ip_nat_ftp modules?
Best regards,
--
Ing. Ernesto Silva.
Web Development and Open Systems Coordinator
Universidad ORT Uruguay.
E-mail: silva@xxxxxxxxxx
Tel: (+598-2) 902-1505 ext. 206
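The ruleset the question is asking about, written out as an added example that is not part of the original post. It shows what the two helper modules contribute: ip_conntrack_ftp reads PORT/EPRT and PASV/EPSV on the control connection and registers an expectation, so the data connection in either mode is classified RELATED and matched by a state rule without any port-20 rule; ip_nat_ftp rewrites the addresses embedded in those commands when the control connection is SNATed. The interface names, network, public address, the IPT dry-run variable and the function names load_ftp_helpers and ftp_rules are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the original poster's script: stateful FTP forwarding
# through a NAT router using the ip_conntrack_ftp / ip_nat_ftp helpers.
# The interface names, network and public address below are assumed
# placeholder values; override them in the environment or edit them.
INT_IF=${INT_IF:-eth0}              # LAN-facing interface
INET_IF=${INET_IF:-eth1}            # Internet-facing interface
INT_NET=${INT_NET:-192.168.0.0/24}  # internal network
INET_NIC=${INET_NIC:-203.0.113.1}   # public address on $INET_IF used for SNAT
IPT=${IPT:-iptables}                # set IPT="echo iptables" to print rules instead of loading them

load_ftp_helpers() {
    # ip_conntrack_ftp follows the control connection (server port 21),
    # parses the client's PORT/EPRT command (active mode) and the server's
    # reply to PASV/EPSV (passive mode), and registers an expectation so the
    # first packet of the resulting data connection is classified RELATED
    # instead of NEW.
    modprobe ip_conntrack_ftp
    # ip_nat_ftp rewrites the address and port carried inside those commands
    # when the control connection is NATed; otherwise the server would see
    # the client's private address in a PORT command and never reach it.
    modprobe ip_nat_ftp
}

ftp_rules() {
    # Control channel: internal client -> any FTP server, port 21.
    $IPT -A FORWARD -i "$INT_IF" -o "$INET_IF" -p tcp -s "$INT_NET" --dport 21 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    # Control-channel replies from the server.
    $IPT -A FORWARD -i "$INET_IF" -o "$INT_IF" -p tcp --sport 21 -d "$INT_NET" \
        -m state --state ESTABLISHED -j ACCEPT
    # Data channels, both modes, no port numbers needed: with the helper loaded
    # an active-mode connection (server port 20 -> client) and a passive-mode
    # connection (client -> the server's announced port) both start as RELATED
    # and continue as ESTABLISHED. Without the helper the active-mode SYN would
    # be a NEW connection aimed at the router's public address, with no mapping
    # back to the client.
    $IPT -A FORWARD -i "$INET_IF" -o "$INT_IF" -p tcp -d "$INT_NET" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A FORWARD -i "$INT_IF" -o "$INET_IF" -p tcp -s "$INT_NET" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Source NAT for everything leaving the Internet interface. POSTROUTING is
    # a chain of the nat table, so -t nat is mandatory. The data connections
    # expected by ip_conntrack_ftp are NATed along with the control
    # connection, so no separate SNAT or DNAT rule for port 20 is needed.
    $IPT -t nat -A POSTROUTING -o "$INET_IF" -s "$INT_NET" \
        -j SNAT --to-source "$INET_NIC"
}

# Usage: sh ftp-rules.sh dry-run   (print the rules)
#        sh ftp-rules.sh apply     (as root: load helpers and install rules)
case "${1:-}" in
    dry-run) IPT="echo iptables"; ftp_rules ;;
    apply)   load_ftp_helpers; ftp_rules ;;
esac
```

Run it with `dry-run` first to review the generated commands, then `apply` as root. On current kernels the modules are named nf_conntrack_ftp and nf_nat_ftp, and since Linux 4.7 the helper is no longer attached to port-21 connections automatically: add `iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp` (and the matching rule for the OUTPUT chain if the router itself uses FTP) or the RELATED match never fires.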