Re: Passive FTP sees remote's _internal_ IP!!??

gypsy wrote:
> >>>When the default GW is set to the linux box (192.168.223.254) and
> >>>passive FTP to a remote server is initiated, the FTP fails after
> >>>connection because the internal IP of the remote machine (192.168.1.11)
> >>>is seen rather than its external IP.  This problem occurs only when
> >>>passive FTP is used.

We created a workaround for this by forcing all FTP to be active, not
passive.  We did this with jftpgw (
http://www.mcknight.de/jftpgw/jftpgw-0.13.5.tar.gz ) with a transparent
proxy setup.

This is the configuration:
#!/bin/sh

./configure \
"--prefix=/usr" \
"--sysconfdir=/etc" \
"--localstatedir=/var" \
"--enable-crypt" \
"--enable-libwrap" \
"--with-logpath=/var/log" \
"$@"

make all install

And the jftpgw.conf:
<global>
	serverport		21
	defaultmode		active
	debuglevel		8
	changeroot		never
	dropprivileges		startsetup
	runasuser		nobody
	loginstyle		0
	logintime		user
	commandtimeout		60
	dnslookups		no
	forwardlookups		no
	hostcachetimeout	28800
	initialsyst		yes
	reverselookups		no
	strictasciiconversion	on
	syslogfacility		daemon
	transfertimeout		120
	transparent-proxy	on
	welcomeline		.
</global>
<servertype standalone>
	listen			192.168.223.254:2370
	logstyle		files
	logfile			/var/log/jftpgw.log
	pidfile			/var/run/jftpgw.pid
</servertype>
<servertype inetd>
	logstyle		syslog
</servertype>
<from 0.0.0.0/0>
	access deny
</from>
<from 192.168.223.0/24>
	access allow
</from>

And the iptables line:
iptables -t nat -A PREROUTING -p tcp -s 192.168.223.0/24 --dport 21 -j DNAT --to 192.168.223.254:2370

--
gypsy
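As an added illustration, not part of gypsy's post or of the jftpgw project: a small Python check for the symptom the quoted text describes, a 227 PASV reply in which the server advertises a private address (192.168.1.11) that differs from the address the control connection actually reached. It also shows the other common client-side workaround, using the control connection's peer address for the data connection instead of forcing active mode; the sample reply and the 203.0.113.10 external address are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample: the server was reached at a public address but its
# PASV reply advertises its internal one, exactly the failure in the post.
CONTROL_PEER_IP = "203.0.113.10"   # placeholder external IP (documentation range)
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,168,1,11,195,44)."

# h1,h2,h3,h4,p1,p2 as defined for the 227 reply in RFC 959
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (ip, port) from a 227 reply, or None if it is not a valid PASV reply."""
    if not reply.startswith("227"):
        return None
    m = _PASV_RE.search(reply)
    if m is None:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    port = (nums[4] << 8) | nums[5]   # p1*256 + p2
    return ip, port


def choose_data_addr(reply, control_peer_ip):
    """Pick the address for the data connection.

    Returns (ip, port, decision). If the server advertises a private address
    that is not the one we are talking to, the advertised address is useless
    from outside its LAN, so fall back to the control connection's peer IP
    (the same thing lftp and curl do by default). Otherwise trust the reply.
    """
    parsed = parse_pasv(reply)
    if parsed is None:
        return None
    ip, port = parsed
    if ip != control_peer_ip and ipaddress.ip_address(ip).is_private:
        return control_peer_ip, port, "substituted"
    return ip, port, "as-advertised"


if __name__ == "__main__":
    # The alternative the post chose, forcing active mode, is FTP.set_pasv(False) in ftplib.
    print(choose_data_addr(SAMPLE_PASV_REPLY, CONTROL_PEER_IP))
```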
