Hello Gateway to Debian 7.11 (3.2.0-4-686-pae), iptables v1.4.14. external interface ip: 1.1.1.1 internal interface ip: 192.168.1.1 An ftp server works inside the local network, for which you need to organize access from the outside. ip ftp server on the internal network: 192.168.1.55 Port of ftp server on internal network: 51 Lsmod output | grep ftp nf_nat_ftp 12 420 0 nf_conntrack_ftp 12533 2 nf_nat_ftp nf_nat 17913 2 iptable_nat, nf_nat_ftp nf_conntrack 43121 9 nf_conntrack_ipv4, nf_nat, iptable_nat, xt_conntrack, xt_state, nf_conntrack_ftp, nf_nat_ftp, xt_CT, nf_conntrack_netlink It doesn't work like this: iptables -t raw -A PREROUTING --dst 1.1.1.1 -p tcp --dport 55555 -j CT --helper ftp iptables -t nat -A PREROUTING -i ext --dst 1.1.1.1 -p tcp --dport 55555 -j DNAT --to-destination 192.168.1.55:51 The control connection opens, but there is no data flow. conntrack -E expect shows nothing. If we change so that the ftp server port is standard (ftp server settings and iptables settings), then everything works: iptables -t nat -A PREROUTING -i ext --dst 1.1.1.1 -p tcp --dport 55555 -j DNAT --to-destination 192.168.1.55:21 Please tell me what settings are needed to make available an ftp server running on a non-standard port?
