I need to forward the FTP traffic. With my FTP client I can log in but I don't see anything - no file, no directory. These are my rules:

Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j DNAT --to-destination 10.0.1.1
iptables -A FORWARD -i eth0 -m state --state NEW -p tcp -d 10.0.1.1 --dport 21 -j ACCEPT
iptables -t nat -A POSTROUTING -o vif1.0 -p tcp --dport 21 -j SNAT --to-source 10.0.1.1

That's the log from my FTP client FileZilla:

Code:
Befehl: USER web4_abc
Antwort: 331 Password required for web4_abc.
Befehl: PASS *****
Antwort: 230 User web4_abc logged in.
Befehl: FEAT
Antwort: 211-Features:
Antwort: 211-MDTM
Antwort: 211-REST STREAM
Antwort: 211-SIZE
Antwort: 211 End
Befehl: SYST
Antwort: 215 UNIX Type: L8
Status: Verbindung hergestellt
Status: Verzeichnisinhalt wird abgeholt...
Befehl: PWD
Antwort: 257 "/" is current directory.
Befehl: PORT 192,168,1,4,14,24

This last red line I don't understand.
It would be better to know what Linux you have and what ftpd you use; anyway, these are my iptables rules:

Code:
# FTP
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d $GATEWAY --dport 21 -j DNAT --to $FTP:21
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d $GATEWAY --dport 20 -j DNAT --to $FTP:20

If you have a default DROP, also:

Code:
/sbin/iptables -A FORWARD -i eth0 -p tcp -d $FTP -m multiport --dports 20,21 -j ACCEPT

... and if you use passive FTP and ... if ... you have proftpd, go to proftpd.conf and assign passive FTP ports: PassivePorts (I say best) 60000:65535, and in iptables. ciao!
It's an iptables function; you can target as many ports as you need. FTPD in particular needs an extra TCP port for data transfer (20) and, as I said above, if you do passive FTP it can use any port from 30000 to 65535 (if I'm not wrong), so it becomes a bit difficult to configure in the firewall unless you declare it in the configuration as I said!
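The PORT line in the first post and the PassivePorts range in the later replies are two faces of the same thing: FTP carries the address and port of the data connection inside the control channel as six comma-separated numbers (h1,h2,h3,h4,p1,p2, port = p1*256+p2). The script below is an added example, not code from any poster; it decodes that tuple and checks it against a NAT setup, using the PORT line from the FileZilla log (192,168,1,4,14,24 decodes to the client's private address 192.168.1.4 port 3608, which the server behind the DNAT cannot connect back to without an FTP connection-tracking helper or passive mode) and the 60000:65535 PassivePorts range from the thread. The 227 reply lines, the 203.0.113.10 address and the PASV_LOW/PASV_HIGH names are constructed for the example.

```shell
#!/bin/sh
# Added example: decode the h1,h2,h3,h4,p1,p2 tuple from an FTP PORT command
# or a 227 "Entering Passive Mode" reply and check it against a NAT setup.
# PASV_LOW/PASV_HIGH mirror the PassivePorts 60000:65535 suggested in the thread.

PASV_LOW=60000
PASV_HIGH=65535

# decode_hostport "192,168,1,4,14,24" prints "192.168.1.4 3608" (port = p1*256 + p2)
decode_hostport() {
    oldifs=$IFS
    IFS=,
    set -- $1
    IFS=$oldifs
    [ $# -eq 6 ] || return 1
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# is_private_ip ADDR succeeds when ADDR is an RFC 1918 address, i.e. one that
# a peer on the other side of the NAT cannot reach directly.
is_private_ip() {
    case $1 in
        10.*|192.168.*)                          return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)   return 0 ;;
        *)                                       return 1 ;;
    esac
}

# check_active "PORT h1,h2,h3,h4,p1,p2": in active mode the server must open
# the data connection back to this address; a private address behind NAT
# means the transfer (directory listing included) silently never arrives.
check_active() {
    tuple=${1#"PORT "}
    hp=$(decode_hostport "$tuple") || return 2
    set -- $hp
    if is_private_ip "$1"; then
        echo "PORT names private $1:$2 - server cannot connect back (use an FTP conntrack/NAT helper or passive mode)"
        return 1
    fi
    echo "PORT names reachable $1:$2"
    return 0
}

# check_passive "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)": in passive
# mode the client connects to this address, so it must be public and the port
# must fall inside the PassivePorts range the firewall forwards.
check_passive() {
    tuple=${1#*\(}
    tuple=${tuple%\)*}
    hp=$(decode_hostport "$tuple") || return 2
    set -- $hp
    if is_private_ip "$1"; then
        echo "PASV advertises private $1:$2 - clients outside the NAT cannot reach it"
        return 1
    fi
    if [ "$2" -ge "$PASV_LOW" ] && [ "$2" -le "$PASV_HIGH" ]; then
        echo "PASV offers $1:$2 inside $PASV_LOW:$PASV_HIGH - forwarded"
        return 0
    fi
    echo "PASV offers $1:$2 outside $PASV_LOW:$PASV_HIGH - firewall will drop it"
    return 1
}

demo() {
    check_active  "PORT 192,168,1,4,14,24"                             # line from the FileZilla log
    check_passive "227 Entering Passive Mode (203,0,113,10,234,96)"    # constructed: port 60000, inside range
    check_passive "227 Entering Passive Mode (203,0,113,10,117,48)"    # constructed: port 30000, outside range
    check_passive "227 Entering Passive Mode (10,0,1,1,234,96)"        # constructed: server's private address
    return 0
}

demo
```

Run it as `sh ftpcheck.sh`; the exit status of each check function (0 reachable, 1 blocked, 2 malformed) can feed a firewall test script, and the same decoder can be pointed at lines grepped from a client log.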