Hi Baltasar,
Sorry, it was a typo, _nat is defined as "iptables -t nat -A POSTROUTING" so that's not the problem.
I was not clear enough, I don't have an ftp server, I just want to access internet ftp servers from my internal network
which is protected by the firewall. The firewall itself doesn't have any other running service but iptables.
Regards, and many thanks,
--
Ing. Ernesto Silva.
Coordinador de Desarrollo Web y Sistemas Abiertos
Universidad ORT Uruguay.
E-mail: silva@xxxxxxxxxx
Tel: (+598-2) 902-1505 ext. 206
former03 | Baltasar Cevc wrote:
Hi Ernesto, hi everybody,
_fwd="iptables -A FORWARD"
_nat="iptables -A POSTROUTING"
Postrouting is in the nat table, so you have to add "-t nat" to _nat and
make it
_nat="iptables -t nat -A POSTROUTING"
I'm having a problem accessing internet ftp servers from my
internal network. I understand the ftp connection but I don't have
enough information about ip_conntrack_ftp and ip_nat_ftp modules, so
here is my situation.
Apart from that you will need more rules for FTP, that's the tricky
part. What worked well for me was using vsftpd with a port specification
for the data connections and allow these ports in INPUT|FORWARD.
It may work using the ftp conntrack module, but I don't know anything
about that. You will have to add some port 20 rule, though.
Baltasar
--
Baltasar Cevc
_____ former 03 gmbh
_____ infanteriestraße 19 haus 6 eg
_____ D-80797 muenchen
_____ http://www.former03.de
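
The setup asked about in this thread (internal clients reaching Internet FTP servers through a NAT firewall with the ip_conntrack_ftp and ip_nat_ftp helpers), as an added example that is not part of either poster's message. The interface names, the LAN subnet and the `IPT`/`MODPROBE` override variables are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: forward FTP from an internal LAN to
# Internet servers using the connection-tracking helpers.
# Assumed values: eth1 = LAN side, eth0 = Internet side, 192.168.1.0/24 = LAN.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
# Override to preview without touching the firewall, e.g. IPT=echo MODPROBE=echo.
IPT="${IPT:-iptables}"
MODPROBE="${MODPROBE:-modprobe}"

ftp_client_rules() {
    _fwd="$IPT -A FORWARD"
    _nat="$IPT -t nat -A POSTROUTING"

    # ip_conntrack_ftp reads PORT/PASV exchanges on the control channel and
    # registers the announced data connection as RELATED.
    # ip_nat_ftp rewrites the private address inside those commands.
    $MODPROBE ip_conntrack_ftp || return 1
    $MODPROBE ip_nat_ftp || return 1

    # Replies plus helper-expected data connections (active and passive mode),
    # so no wide port range has to be opened for FTP data.
    $_fwd -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1

    # Only new control connections from the LAN to port 21 are allowed out.
    $_fwd -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p tcp --dport 21 \
        -m state --state NEW -j ACCEPT || return 1

    # Source NAT for the internal network.
    $_nat -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE || return 1
}

# Rules are applied only when the script is run as: script.sh apply
if [ "${1:-}" = "apply" ]; then
    ftp_client_rules
fi
```

On current kernels the modules are named nf_conntrack_ftp and nf_nat_ftp, and helpers are no longer assigned automatically, so the FTP helper has to be attached explicitly with a `-j CT --helper ftp` rule in the raw table.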