Hi, try with this: modprobe nf_nat_ftp

On Wed, 15 Aug 2018 at 04:18, Vink, Ronald <ronald.vink@xxxxxxxxxxxx> wrote:
>
> I did not change any proftpd settings; they are the default installation. I have to use an active connection.
> The suggested line "iptables -t nat -A PREROUTING -p tcp --dport 20:21 -j DNAT --to-destination 10.10.203.10" made no difference.
> I started proftpd in the foreground with debug output, but there is no output when I try to connect via the 4.9.59 system; the client just times out.
> With the 3.5.4 system I can see the connection coming in and responses to the "ls" command in my ftp client.
>
> Does it have something to do with conntrack?
>
> > -----Original Message-----
> > From: Daniel [mailto:5960761@xxxxxxxxx]
> > Sent: Tuesday, 14 August 2018 16:55
> > To: Vink, Ronald
> > Subject: Re: cant get ftp forwarding working
> >
> > I just checked my ftp server, which is pure-ftp: if the connection is
> > active, redirecting port 21 should be enough. For passive connections I
> > have redirection on ports 31500-31600, but this should be explicitly
> > mentioned in the ftp configuration. So please check your server
> > configuration, as the iptables rules look OK to me.
> >
> > On 14.08.2018 16:41, Vink, Ronald wrote:
> > > Daniel
> > > The requested outputs for both systems
> > > ===============================
> > > uname -a
> > > Linux minos2.vla.boka 3.5.4-vessel #2 SMP Thu Apr 10 09:13:39 CEST 2014 i686 i686 i386 GNU/Linux
> > >
> > > iptables -L
> > > Chain INPUT (policy ACCEPT)
> > > target     prot opt source               destination
> > >
> > > Chain FORWARD (policy ACCEPT)
> > > target     prot opt source               destination
> > >
> > > Chain OUTPUT (policy ACCEPT)
> > > target     prot opt source               destination
> > >
> > > iptables -t nat -L
> > > Chain PREROUTING (policy ACCEPT)
> > > target     prot opt source               destination
> > > DNAT       tcp  --  anywhere             anywhere             tcp dpt:ftp to:10.10.203.10:21
> > >
> > > Chain INPUT (policy ACCEPT)
> > > target     prot opt source               destination
> > >
> > > Chain OUTPUT (policy ACCEPT)
> > > target     prot opt source               destination
> > >
> > > Chain POSTROUTING (policy ACCEPT)
> > > target     prot opt source               destination
> > > MASQUERADE  all  --  anywhere             anywhere
> > >
> > > net.ipv4.ip_forward = 1
> > > =========================================
> > > uname -a
> > > Linux minos1.vla.boka 4.9.59-vessel #2 SMP Tue Jul 17 08:27:20 CEST 2018 i686 i686 i686 GNU/Linux
> > >
> > > iptables -L
> > > Chain INPUT (policy ACCEPT)
> > > target     prot opt source               destination
> > >
> > > Chain FORWARD (policy ACCEPT)
> > > target     prot opt source               destination
> > >
> > > Chain OUTPUT (policy ACCEPT)
> > > target     prot opt source               destination
> > >
> > > iptables -t nat -L
> > > Chain PREROUTING (policy ACCEPT)
> > > target     prot opt source               destination
> > > DNAT       tcp  --  anywhere             anywhere             tcp dpt:ftp to:10.10.203.10:21
> > >
> > > Chain INPUT (policy ACCEPT)
> > > target     prot opt source               destination
> > >
> > > Chain OUTPUT (policy ACCEPT)
> > > target     prot opt source               destination
> > >
> > > Chain POSTROUTING (policy ACCEPT)
> > > target     prot opt source               destination
> > > MASQUERADE  all  --  anywhere             anywhere
> > >
> > > net.ipv4.ip_forward = 1
> > > ==================================
> > >
> > > Thanks,
> > > Ronald
> > >
> > >> Hello
> > >> Please provide the output of:
> > >> "iptables -L" and "iptables -t nat -L", also "sysctl net.ipv4.ip_forward"
> > >>
> > >> On 14.08.2018 15:37, Vink, Ronald wrote:
> > >>> I want to forward ftp traffic from outside to a server in a local network.
> > >>> I am using an active ftp connection.
> > >>> It is working with a 3.5.4 kernel system, but not on a newer 4.9.59.
> > >>>
> > >>>                                         eth0                                      eth1
> > >>> |--------------------------|   local    |--------------------------------------------|  company   |----------------------------|
> > >>> |proftpd 10.10.203.10      |------------|10.10.203.150      Gateway      10.141.12.21|-----VPN----|10.101.34.25 ftp client     |
> > >>> |--------------------------|  network   |--------------------------------------------|            |----------------------------|
> > >>>
> > >>> Working rules in 3.5.4 kernel system:
> > >>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > >>> iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 21 -j DNAT --to-destination 10.10.203.10:21
> > >>>
> > >>> I have tried with all sorts of different rules, but have not been able to make it work.
> > >>> Tried to google it, but found no working example.
> > >>> Any hints?
> > >>>
> > >>> Ronald
> > >>>
> > >>>
> > >> --
> > >> Best regards,
> > >> Daniel
> > >
> >
> > --
> > Best regards,
> > Daniel
>
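
Added example, not part of the thread: automatic conntrack helper assignment has been off by default since kernel 4.7 (net.netfilter.nf_conntrack_helper=0), one known difference between the 3.5.4 and 4.9.59 gateways above, so on the newer kernel loading nf_nat_ftp may also need an explicit CT helper rule. The function names helper_mode and gateway_rules are hypothetical; interfaces and addresses are the ones from the rules in the thread.

```shell
#!/bin/sh
# Added example: prints the gateway commands for a given kernel release.
# Nothing is applied; review the output, then run it as root.

# helper_mode RELEASE -> "automatic" (kernel < 4.7: conntrack attaches the
# FTP helper to port 21 by itself once the module is loaded) or "explicit"
# (kernel >= 4.7: the helper must be attached with the CT target).
helper_mode() {
    ver=${1%%-*}        # "4.9.59-vessel" -> "4.9.59"
    major=${ver%%.*}    # "4"
    rest=${ver#*.}      # "9.59"
    minor=${rest%%.*}   # "9"
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 7 ]; }; then
        echo explicit
    else
        echo automatic
    fi
}

# gateway_rules RELEASE -> commands for active FTP through the DNAT gateway.
gateway_rules() {
    # nf_conntrack_ftp parses PORT commands on the control channel and
    # creates the expectation for the data connection; nf_nat_ftp rewrites
    # the address inside the PORT command to match the NAT mapping.
    echo "modprobe nf_conntrack_ftp"
    echo "modprobe nf_nat_ftp"
    if [ "$(helper_mode "$1")" = explicit ]; then
        # Attach the helper only to FTP control traffic arriving on eth1.
        echo "iptables -t raw -A PREROUTING -i eth1 -p tcp --dport 21 -j CT --helper ftp"
    fi
    # The two rules from the thread, unchanged.
    echo "iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to-destination 10.10.203.10:21"
    echo "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE"
}

# Default to the running kernel when no release is given.
gateway_rules "${1:-$(uname -r)}"
```

Once a client has connected, `conntrack -L expect` (from conntrack-tools) lists the pending data-connection expectation if the helper is attached.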