Gentoo Forums
iptables ftp forwarding fails, all other forwards work
gondolin
Apprentice, Joined: 09 Apr 2003, Posts: 158

Posted: Sun Jun 10, 2007 7:54 pm    Post subject: iptables ftp forwarding fails, all other forwards work

I'm trying to forward FTP traffic from my firewall to my DMZ FTP server, but it won't work.
I can forward http, ssh, http-alt and vpn to several other servers, and even to the same DMZ server, but not ftp.

What am I missing here?
Code:
# FTP_SRV port 21 (control channel)
iptables -t nat -A PREROUTING -i ${INT} -p tcp -d ${IP_INT} --dport ${PFTP} -j DNAT --to-destination ${FTP_SRV}
iptables -A FORWARD -i ${INT} -d ${FTP_SRV} -p tcp --dport ${PFTP} -m state --state NEW -j ACCEPT
# FTP_SRV port 20 (data channel: FTP data is TCP, not UDP; passive-mode data
# connections are not matched by a fixed port and rely on the nf_nat_ftp helper)
iptables -t nat -A PREROUTING -i ${INT} -p tcp -d ${IP_INT} --sport ${PFTP2} -j DNAT --to-destination ${FTP_SRV}
iptables -A FORWARD -i ${INT} -d ${FTP_SRV} -p tcp --sport ${PFTP2} -m state --state NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o ${INT} -s ${FTP_SRV} -j SNAT --to-source ${IP_INT}


# VPN_SRV port 1194
iptables -A FORWARD -i ${INT} -d ${VPN_SRV} -p udp --dport ${PVPN} -m state --state NEW -j ACCEPT
iptables -t nat -A PREROUTING -i ${INT} -p udp -d ${IP_INT} --dport ${PVPN} -j DNAT --to-destination ${VPN_SRV}
iptables -t nat -A POSTROUTING -o ${INT} -s ${VPN_SRV} -j SNAT --to-source ${IP_INT}
# MAIL_SRV port 25
iptables -A FORWARD -i ${INT} -d ${MAIL_SRV} -p tcp --dport ${PMAIL} -m state --state NEW -j ACCEPT
iptables -t nat -A PREROUTING -i ${INT} -p tcp -d ${IP_INT} --dport ${PMAIL} -j DNAT --to-destination ${MAIL_SRV}
iptables -t nat -A POSTROUTING -o ${INT} -s ${MAIL_SRV} -j SNAT --to-source ${IP_INT}

Kernel
Code:
iptable_filter          3328  1
ipt_MASQUERADE          3584  1
iptable_nat             6660  1
nf_nat                 14380  2 ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4      12684  13 iptable_nat
nf_conntrack           44552  6 nf_conntrack_ftp,xt_state,ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4
iptable_mangle          3200  0
alex.blackbit
Advocate, Joined: 26 Jul 2005, Posts: 2397

Posted: Mon Jun 11, 2007 2:41 pm

I am not completely sure about this, but maybe you have to activate NF_CONNTRACK_FTP in your kernel.
gondolin
Apprentice, Joined: 09 Apr 2003, Posts: 158

Posted: Tue Jun 12, 2007 5:45 pm

As you can see, it's active:
Code:
nf_conntrack           44552  6 nf_conntrack_ftp,

Or is this the wrong one?
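An added example, not code from any post in this thread, that puts the two threads of the discussion together: the FTP forwarding rules from the first post reduced to what the control channel actually needs, and a check for the two kernel helpers that FTP through a DNAT depends on. nf_conntrack_ftp, which the lsmod listing above shows loaded, only follows the control channel and flags the data connection as RELATED; the rewrite of the PASV reply (so the client is told the firewall's public address instead of the DMZ address) is done by nf_nat_ftp, which does not appear in that listing (nf_nat there is used only by ipt_MASQUERADE and iptable_nat). Without it, passive-mode transfers, the default for most clients, fail even though the control connection is forwarded. The interface name, the addresses and the module-list text below are constructed placeholders, not values from the thread; DRY_RUN=1 prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not code from the forum thread. INT, IP_INT, FTP_SRV and
# PFTP mirror the placeholders in the post; the defaults are constructed
# (TEST-NET-3 and RFC 1918 addresses) for illustration only.
INT=${INT:-eth0}                 # external interface (assumed name)
IP_INT=${IP_INT:-203.0.113.10}   # public address on $INT (constructed)
FTP_SRV=${FTP_SRV:-10.0.2.21}    # DMZ FTP server (constructed)
PFTP=${PFTP:-21}                 # FTP control port
DRY_RUN=${DRY_RUN:-1}            # 1 = print the rules, 0 = apply them (needs root)

# ipt: print or run one iptables command, depending on DRY_RUN.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# ftp_rules: the rule set for forwarding FTP to the DMZ server.
# Only the control channel (tcp/$PFTP) gets a DNAT. Port 20 is TCP, not UDP,
# and needs no inbound rule: active-mode data is opened outbound by the
# server (covered by the SNAT rule), and passive-mode data is set up by the
# nf_nat_ftp helper, which rewrites the PASV reply and marks the data
# connection RELATED, so FORWARD must accept RELATED,ESTABLISHED both ways.
ftp_rules() {
    ipt -t nat -A PREROUTING -i "$INT" -p tcp -d "$IP_INT" --dport "$PFTP" \
        -j DNAT --to-destination "$FTP_SRV"
    ipt -A FORWARD -i "$INT" -d "$FTP_SRV" -p tcp --dport "$PFTP" \
        -m state --state NEW -j ACCEPT
    ipt -A FORWARD -d "$FTP_SRV" -m state --state RELATED,ESTABLISHED -j ACCEPT
    ipt -A FORWARD -s "$FTP_SRV" -m state --state RELATED,ESTABLISHED -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$INT" -s "$FTP_SRV" -j SNAT --to-source "$IP_INT"
}

# helper_check MODLIST: MODLIST is lsmod-style text (module name first on each
# line). Prints "ok" and returns 0 when both nf_conntrack_ftp (tracks the
# control channel) and nf_nat_ftp (rewrites PASV/PORT addresses through NAT)
# are present; otherwise prints the missing names and returns 1.
helper_check() {
    missing=""
    for m in nf_conntrack_ftp nf_nat_ftp; do
        printf '%s\n' "$1" | awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' \
            || missing="$missing $m"
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo ok
}

# Run directly with: RUN_FTP_RULES=1 DRY_RUN=1 sh ftp_dnat.sh
if [ "${RUN_FTP_RULES:-0}" = 1 ]; then
    helper_check "$(lsmod 2>/dev/null)" || exit 1
    ftp_rules
fi
```

Two caveats when using this on a real box: the helpers only watch port 21 by default, so if PFTP is something else, load nf_conntrack_ftp with its `ports=` module parameter set to that port; and the RELATED,ESTABLISHED accepts are spelled out here because the posted FORWARD rules only accept NEW, so whatever rule covers the return traffic for the other forwards must also cover the FTP data connection.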
alex.blackbit
Advocate, Joined: 26 Jul 2005, Posts: 2397

Posted: Wed Jun 13, 2007 1:03 pm

This is what I thought.
Sorry, no idea.