Re: iptables, ftp and dnat?

2008-12-09 Thread Adam Hardy
iptables -A FORWARD -p tcp --dport 21 -m state --state NEW -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 21 -j DNAT --to 10.1.1.32:21
I am not sure if you need the other ports for active, as the conntrack module should handle that for you (works on outgoing, not 100% sure on incoming). You

Re: iptables, ftp and dnat?

2008-12-07 Thread Anoop Aryal
> > It hangs after ls? Sounds like your data traffic gets jammed > > somehow. > > I know I'm jumping in halfway thru the conversation so this might have already been mentioned. But you may want to check if the firewall is blocking ICMP packets preventing PMTU being figured out correctly. The scen

Re: iptables, ftp and dnat?

2008-12-07 Thread Robert L. Harris
all working >> now except how to get the iptables data connection in passive >> mode working. I can log in, etc just fine but when I do a "ls" >> after issuing the "passive" command it times out. >> >> The second example looks good but doesn't

Re: iptables, ftp and dnat?

2008-12-06 Thread Tommy Bongaerts
> mode working. I can log in, etc just fine but when I do a "ls" after > issuing the "passive" > command it times out. > > The second example looks good but doesn't handle the DNAT (the ftp > server is running on > another machine behind my firewall. It

Re: iptables, ftp and dnat?

2008-12-06 Thread Alex Samad
days googling. > Unfortunately it's all working now except how to get the iptables data > connection in passive > mode working. I can log in, etc just fine but when I do a "ls" after > issuing the "passive" > command it times out. > > The second exam

Re: iptables, ftp and dnat?

2008-12-05 Thread Robert L. Harris
RD > -p tcp --dport 21 -m state --state NEW -j ACCEPT iptables -t nat -A > PREROUTING -p tcp --dport 21 -j DNAT --to 10.1.1.32:21 > > I think I confused myself though, do I need the other rules I had > for port 20 or will the first INPUT rule above cover that? > >> have a look

Re: iptables, ftp and dnat?

2008-12-05 Thread Alex Samad
" > /sbin/modprobe nf_conntrack_ftp > # General > iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT > iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT > iptables -A FORWARD -p tcp --dport 21 -m state --state NEW -j ACCEPT >

Re: iptables, ftp and dnat?

2008-12-05 Thread Glenn English
>> iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT > > Commenting it out, everything looks good until after I log in and try > to do an "ls" when it returns: > ftp> ls > 227 Entering Passive Mode (10,1,1,32,205,208). > > Then nothing

Re: iptables, ftp and dnat?

2008-12-05 Thread Alex Samad
rewall startup script: > > > > /sbin/modprobe nf_conntrack_ftp $IPTABLES -A INPUT -p tcp --dport > > 21 -m state --state NEW,ESTABLISHED -j ACCEPT $IPTABLES -A > > PREROUTING -t nat -p tcp -i $IFACE --dport 21 -j DNAT --to > > 10.1.1.32:21 $IPTABLES -A OUTPUT -p tcp -

Re: iptables, ftp and dnat?

2008-12-05 Thread Robert L. Harris
state --state NEW,ESTABLISHED -j ACCEPT $IPTABLES -A > PREROUTING -t nat -p tcp -i $IFACE --dport 21 -j DNAT --to > 10.1.1.32:21 $IPTABLES -A OUTPUT -p tcp --dport 21 -m state --state > NEW,ESTABLISHED -j ACCEPT # Active $IPTABLES -A INPUT -p tcp > --sport 20 -m state --state ESTABLISH

Re: iptables, ftp and dnat?

2008-12-05 Thread Rob de Graaf
On Fri, 2008-12-05 at 18:35 +0100, Robert L. Harris wrote: > From: > Robert L. Harris > <[EMAIL PROTECTED]> >To: > debian-user@lists.debian.org > > Subject

Re: iptables, ftp and dnat?

2008-12-05 Thread Alex Samad
1 -m state --state > NEW,ESTABLISHED -j ACCEPT > $IPTABLES -A PREROUTING -t nat -p tcp -i $IFACE --dport 21 -j DNAT > - --to 10.1.1.32:21 > $IPTABLES -A OUTPUT -p tcp --dport 21 -m state --state > NEW,ESTABLISHED -j ACCEPT > # Active > $IPTABLES -A INPUT -p tcp --sport 20 -m

Re: iptables, ftp and dnat?

2008-12-05 Thread Robert L. Harris
yes it is and I am successfully routing port 80/http to a different server behind the firewall just fine. S Scharf wrote: > > > On Fri, Dec 5, 2008 at 12:52 PM, S Scharf <[EMAIL PROTECTED] > > wrote: > > > > On Fri, Dec 5,

Re: iptables, ftp and dnat?

2008-12-05 Thread S Scharf
On Fri, Dec 5, 2008 at 12:52 PM, S Scharf <[EMAIL PROTECTED]> wrote: > > > On Fri, Dec 5, 2008 at 12:35 PM, Robert L. Harris < > [EMAIL PROTECTED]> wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> >> Help... I have the following in my firewall startup script: >> >> > > ... > >>

Re: iptables, ftp and dnat?

2008-12-05 Thread S Scharf
On Fri, Dec 5, 2008 at 12:35 PM, Robert L. Harris <[EMAIL PROTECTED] > wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > Help... I have the following in my firewall startup script: > > ... > > I am trying to forward public internet ftp traffic to a machine behind > my firewall.

iptables, ftp and dnat?

2008-12-05 Thread Robert L. Harris
Help... I have the following in my firewall startup script:
/sbin/modprobe nf_conntrack_ftp
$IPTABLES -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -i $IFACE --dport 21 -j DNAT

Re: DNAT problem in Shorewall

2005-07-15 Thread askar k
> Now for the negative part. The developer of Shorewall really doesn't like > doing what you are trying to do, but he does explain how to do it: > > http://shorewall.net/FAQ.htm#faq2 > > He would prefer that you connect your webserver to a thirdd network interface > on your firewall which would t

Re: DNAT problem in Shorewall

2005-07-15 Thread TreeBoy
On Friday 15 Jul 2005 16:36, askar k wrote: > Hello! > > I came back home (the previous email I was sending from work) and > found that DNAT works!!! :) > > I wonder why it works now. But it should also work from LAN, am I right? > > And in my iptables -L | more I had

Re: DNAT problem in Shorewall

2005-07-15 Thread askar k
Hello! I came back home (the previous email I was sending from work) and found that DNAT works!!! :) I wonder why it works now. But it should also work from LAN, am I right? And in my iptables -L | more I had everything you asked me. Now, I'll have to check from work place if it works o

Re: DNAT problem in Shorewall

2005-07-15 Thread Peter Simpson
see it is blocking or dropping. If none of these add any info, then issue the following command on your firewall: # iptables -L|more This shows what your firewall is actually setup to do with any packets. Look for the section labelled "Chain net2loc". This is where the DNAT forward

Re: DNAT problem in Shorewall

2005-07-15 Thread askar k
On 7/15/05, TreeBoy <[EMAIL PROTECTED]> wrote: > I am now getting really confused. > > You have three machines in the subnet 192.168.0.0/24 > > They are: > > IPFQDN Description > 1 ??? Linux Firewall/Gateway > 100 www.mydomain.com Linux webserver

Re: DNAT problem in Shorewall

2005-07-15 Thread TreeBoy
I am now getting really confused. You have three machines in the subnet 192.168.0.0/24. They are:
IP    FQDN              Description
1     ???               Linux Firewall/Gateway
100   www.mydomain.com  Linux webserver running apache
?     ???               XP box
You are tryin

Re: DNAT problem in Shorewall

2005-07-15 Thread TreeBoy
On Friday 15 Jul 2005 11:10, askar k wrote: > > Sorry to sound tedious, but what do you mean "doesn't show the page" ? > > I mean that it doesn't show the page which can be shown by > http://192.168.0.100/ > > > Does the browser say it can't find the machine ? > > > > Does the browser display an er

Re: DNAT problem in Shorewall

2005-07-15 Thread Steve Lamb
askar k wrote: > In shorewall/rules I set up the line: > DNAT net loc:192.168.0.100 tcp 80 > Is my setting correct? It doesn't work. That sets it up so that any incoming connection from the zone defined as net on tcp port 80 is forwarded out the zone

Re: DNAT problem in Shorewall

2005-07-15 Thread TreeBoy
shorewall/rules I set up the line: > DNAT net loc:192.168.0.100 tcp 80 > > I want requests come to port 80 be forwarded to local pc with ip > address 192.168.0.100. > On that pc I have web server running. So when I type in browser > mydomain.com it

DNAT problem in Shorewall

2005-07-15 Thread askar k
Hello! In shorewall/rules I set up the line: DNAT net loc:192.168.0.100 tcp 80 I want requests come to port 80 be forwarded to local pc with ip address 192.168.0.100. On that pc I have web server running. So when I type in browser mydomain.com it has to show the web page

Re: iptables and dnat

2004-08-31 Thread Eric Gaumer
On Tue, 2004-08-31 at 08:40, Sturla Holm Hansen wrote: > when I try to insert > > iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT > --to-destination 192.168.1.2:80 > > I get > > iptables: No chain/target/match by that name > > Below is my /var

iptables and dnat

2004-08-31 Thread Sturla Holm Hansen
when I try to insert
iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
I get
iptables: No chain/target/match by that name
Below is my /var/lib/iptables/active What am I doing wrong? Anyone? Thanx :) Sturla
#WinLin
*nat
:PREROUTING ACCEPT [0:0

Re: iptabels and DNAT problem

2003-09-26 Thread Rudy Gevaert
The problem is fixed -- Rudy Gevaert [EMAIL PROTECTED] Web page http://www.webworm.org GNU/Linux user and Savannah hacker http://savannah.gnu.org ``Everything should be made as simple as possible, but not simpler.'' -- A. Einstein

iptabels and DNAT problem

2003-09-25 Thread Rudy Gevaert
.0.76:25 I want to forward all traffic on port 22 on eth0:2 to 10.0.0.76:22. I have run the following rules:
iptables -t nat -A PREROUTING -p tcp -d 157.x.x.9 --dport 80 -j DNAT --to-destination 10.0.0.75:80
iptables -t nat -A POSTROUTING -s 10.0.0.75 -p tcp --source-port 80 -o eth0 -j SNAT --to-s

Re: DNAT

2003-08-29 Thread martin f krafft
also sprach Mattia Martinello <[EMAIL PROTECTED]> [2003.08.29.0112 +0200]: > iptables -t nat -A PREROUTING -p tcp -i eth1 -d $PublicIP -j DNAT > --to $ServerIP This works? > This DOESN'T work! > iptables -t nat -A PREROUTING -p tcp -i ppp0 -d $PublicIP --dport > 80

DNAT

2003-08-28 Thread Mattia Martinello
ocalNET/24 -o ppp0 -j ACCEPT iptables -t nat -A POSTROUTING -s $LocalNET/255.255.255.0 -o eth2 -j MASQUERADE iptables -t nat -A PREROUTING -p tcp -i eth1 -d $PublicIP -j DNAT --to $ServerIP This DOESN'T work! iptables -t nat -A PREROUTING -p tcp -i ppp0 -d $PublicIP --dport 80 -j DNAT --to $S

Re: dhcp and dnat

2002-10-07 Thread Gerald Livingston
Oops -- sent this directly to Stephen. Forwarding to list. Sorry Stephen. G Begin forwarded message: Date: Mon, 7 Oct 2002 14:25:45 -0500 From: Gerald Livingston <[EMAIL PROTECTED]> To: Stephen Gran <[EMAIL PROTECTED]> Subject: Re: dhcp and dnat On Sun, 6 Oct 2002 18:20:06 -0400

Re: dhcp and dnat

2002-10-07 Thread Stephen Gran
> upstream's DHCP server and consequently DNATted (iptables) by the > firewall box. > > My thought was to let the firewall box be a proxy DHCP client (not > a relay), requesting multiple leases from the upstream DHCP server. > Once it obtained a lease it simply calls a custom scr

dhcp and dnat

2002-10-06 Thread martin f krafft
. My thought was to let the firewall box be a proxy DHCP client (not a relay), requesting multiple leases from the upstream DHCP server. Once it obtained a lease it simply calls a custom script to set up iptables DNAT and SNAT appropriately. However, I am unsure on how to do this. dhcp3-client

Re: iptables DNAT

2002-09-03 Thread Amir Tal
more info can come in handy while posting to this (or any other) mailing list. anyway, the right way to do it is : iptables -t nat -A PREROUTING -p tcp --dport 222 -i eth0 -j DNAT --to 192.168.0.1:22 this rule will forward all incoming traffic to port 222 (on eth0, change if these are not your

Re: iptables DNAT

2002-09-03 Thread Nicos Gollan
On Tuesday 03 September 2002 09:14, sébastien wrote: > I 'have a linux woody install with a 2.4 kernel. > All necessary modules for iptables are compiled. > > but i can't make port redirect to another machine on my lan(for the > web server), i can just redirect on the local machine. > > can you h

iptables DNAT

2002-09-03 Thread sébastien
Hello, I have a Linux woody install with a 2.4 kernel. All necessary modules for iptables are compiled. But I can't make port redirect to another machine on my LAN (for the web server), I can just redirect on the local machine. Can you help me? Thanks S.Guegniard