On 14/08/2018 09:37, Vink, Ronald wrote:
I want to forward ftp traffic from outside to a server in a local network.
I am using active ftp connection.
It is working with a 3.5.4 kernel system, but not on a newer 4.9.59.
                                       eth0                            eth1
|----------------------|    local    |--------------------------------------|   company   |-------------------------|
| proftpd 10.10.203.10 |-------------| 10.10.203.150  Gateway  10.141.12.21 |-----VPN-----| 10.101.34.25 ftp client |
|----------------------|   network   |--------------------------------------|             |-------------------------|
Working rules in 3.5.4 kernel system:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 21 -j DNAT --to-destination 10.10.203.10:21
I have tried with all sorts of different rules, but have not been able to make it work.
Tried to google it, but found no working example.
Any hints?
Ronald
Hello Vink.
I had the same issue in a very specific scenario regarding FTP NAT. My
rules were working on kernel 4.6, stopped working on 4.7 and started
working again from version 4.13.
It was the very same ruleset, nothing was changed. At the time I tested
them on 3 different distros and all had the same behaviour. I still
don't know what happened in between those versions, even the changelog
doesn't say much.
So you may want to try upgrading your kernel, if possible.
My original post is here:
https://www.spinics.net/lists/netfilter/msg57478.html
Good luck!