My gateway (firewall) is Redhat Linux 7.1 and I can only get 1 dynamic IP from my provider. So I created IP-MASQUERADE using iptables for my home LAN. My target is "creating an FTP server on one of my home-LAN machines (Redhat 7.2)", but now I found it can be run as an FTP client but can't be run as an FTP server because of the Data Connection Error.

I know the FTP protocol needs 2 connections (control connection & data connection), so I loaded these modules on my firewall Linux box:

----------------------------------------------------------
ip_nat_irc 4320 0 (unused)
ip_nat_ftp 3760 0 (unused)
ip_conntrack_irc 3040 0 (unused)
ip_conntrack_ftp 2480 0 (unused)
ipt_MASQUERADE 1712 1 (autoclean)
ipt_state 1200 3 (autoclean)
iptable_nat 16160 2 (autoclean) [ip_nat_irc ip_nat_ftp ipt_MASQUERADE]
ip_conntrack 15824 4 (autoclean) [ip_nat_irc ip_nat_ftp ip_conntrack_irc ip_conntrack_ftp ipt_MASQUERADE ipt_state iptable_nat]
iptable_filter 2304 0 (autoclean) (unused)
ip_tables 11072 6 [ipt_MASQUERADE ipt_state iptable_nat iptable_filter]
---------------------------------------------------------

and let me attach my firewall settings here:

#-------------------------------
# default INPUT/FORWARD policy
#-------------------------------
iptables -P INPUT DROP
iptables -P FORWARD DROP

#---------------------
# clear the chains
#---------------------
iptables -F
iptables -F -t nat
iptables -X
iptables -X -t nat

#---------------------
# make rule & chains
#---------------------
# Define the default INPUT/FORWARD rule.
iptables -N default
iptables -A default -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A default -m state --state NEW -i eth0 -j ACCEPT
iptables -A default -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A default -j DROP

# Apply the default rule to the INPUT/FORWARD chains.
iptables -A INPUT -j default
iptables -A FORWARD -j default

# Define the pass chain and insert it into FORWARD.
# - telnet -
iptables -t nat -A PREROUTING -i eth0 -d 219.105.XXX.XXX -p tcp --dport 10023 -j DNAT --to 192.168.0.128:23
# - ftp -
iptables -t nat -A PREROUTING -i eth0 -d 219.105.XXX.XXX -p tcp --dport 10021 -j DNAT --to 192.168.0.128:21
iptables -N pass
iptables -A pass -d 192.168.0.128 -p tcp --dport 23 -j ACCEPT
iptables -A pass -d 192.168.0.128 -p tcp --dport 21 -j ACCEPT
iptables -I FORWARD 1 -j pass

# Use IP MASQUERADE in the POSTROUTING chain.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Now I want to know the reason why I can't make the FTP data connection to the home-LAN FTP server. Or... maybe it is an impossible mission?

Rai
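Background for the question above, as an added example that is not part of the original post: the FTP control channel carries the data-connection address inside the payload (`PORT` commands and `227` passive replies), so a server behind NAT advertises its private address unless a helper rewrites it. The Python sketch below shows that rewrite and the data-connection expectation it implies; the public address is a constructed documentation address (the post masks the real one) and the function names are hypothetical.

```python
import re

# Constructed sample values: the LAN address is the server from the post; the
# public address is a documentation address (the post masks the real one).
LAN_SERVER = "192.168.0.128"
PUBLIC_ADDR = "203.0.113.10"

# h1,h2,h3,h4,p1,p2 as carried in "PORT ..." commands and "227 ..." replies.
_HOSTPORT = re.compile(r"\d{1,3}(?:,\d{1,3}){5}")


def parse_hostport(line):
    """Return (ip, port) embedded in a PORT command or 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(n) for n in m.group(0).split(",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def rewrite_for_nat(line, inside_ip, outside_ip):
    """Rewrite an embedded inside address to the outside one.

    Returns (new_line, expectation, delta): expectation is the (ip, port) the
    data connection will arrive on and must be forwarded for; delta is the
    payload length change a real helper compensates for in TCP sequence numbers.
    Lines that do not advertise inside_ip pass through unchanged.
    """
    parsed = parse_hostport(line)
    if parsed is None or parsed[0] != inside_ip:
        return line, None, 0
    port = parsed[1]  # simplification: keep the port the server chose
    new_tuple = "%s,%d,%d" % (outside_ip.replace(".", ","), port >> 8, port & 0xFF)
    new_line = _HOSTPORT.sub(new_tuple, line, count=1)
    return new_line, (outside_ip, port), len(new_line) - len(line)


if __name__ == "__main__":
    reply = "227 Entering Passive Mode (192,168,0,128,195,80)"  # constructed
    print(rewrite_for_nat(reply, LAN_SERVER, PUBLIC_ADDR))
```

A remote client that receives the unrewritten reply tries to open the data connection to 192.168.0.128, which is not routable from outside the LAN.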