Please try this:
iptables -t nat -A PREROUTING -p tcp --dport 20:21 -j DNAT --to-destination 10.10.203.10
On 14.08.2018 16:41, Vink, Ronald wrote:
Daniel
The requested outputs for both systems
===============================
uname -a
Linux minos2.vla.boka 3.5.4-vessel #2 SMP Thu Apr 10 09:13:39 CEST 2014 i686 i686 i386 GNU/Linux
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:ftp to:10.10.203.10:21
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
net.ipv4.ip_forward = 1
=========================================
uname -a
Linux minos1.vla.boka 4.9.59-vessel #2 SMP Tue Jul 17 08:27:20 CEST 2018 i686 i686 i686 GNU/Linux
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:ftp to:10.10.203.10:21
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
net.ipv4.ip_forward = 1
==================================
Thanks,
Ronald
Hello
Please provide the output of "iptables -L" and "iptables -t nat -L", also "sysctl net.ipv4.ip_forward".
On 14.08.2018 15:37, Vink, Ronald wrote:
I want to forward ftp traffic from outside to a server in a local network.
I am using active ftp connection.
It is working with a 3.5.4 kernel system, but not on a newer 4.9.59
                                         eth0                                    eth1
|--------------------------| local      |--------------------------------------------| company    |----------------------------|
|proftpd 10.10.203.10      |------------|10.10.203.150      Gateway      10.141.12.21|-----VPN----|10.101.34.25 ftp client     |
|--------------------------| network    |--------------------------------------------|            |----------------------------|
Working rules in 3.5.4 kernel system :
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 21 -j DNAT --to-destination 10.10.203.10:21
I have tried with all sorts of different rules, but have not been able to make
it work.
Tried to google it, but found no working example.
Any hints?
Ronald
--
Best regards,
Daniel