[ILUG] iptables, nat and ftp stopped working
Conor Daly
conor.daly at oceanfree.net
Thu Oct 3 18:42:25 IST 2002
On Thu, Oct 03, 2002 at 12:39:39PM +0100 or so it is rumoured hereabouts,
Paul Jakma thought:
> On Thu, 3 Oct 2002, John Allman wrote:
>
> > In the end I got things going again by setting up passive ftp to work
> > properly. I still don't know why active ftp didn't/doesn't work
>
> Because you only set up filtering rules. You need to add a rule in the
> 'nat' table, POSTROUTING to do SNAT/MASQUERADE, and make sure you have
> the ftp connection tracking installed. :) OTOMH:
>
> iptables -t nat -I POSTROUTING -o <external> -p tcp --dport ftp -j MASQUERADE
>
> (or -j SNAT --to-source <myexternal ip>)
On a related subject, I have a firewall on a dialup box that grabs the
external IP address after dialup and sets up the firewall based on that.
The only problem with this setup is the time it takes the firewall to come
up (up to 1 minute at times). I plan to change the firewall rules to use
$EXTERNAL_INTERFACE instead of $EXTERNAL_IP so that the firewall can stay
up all the time rather than needing to come up at each dialup. However,
will this fail since I'll need the external IP address for the NAT stuff
anyhow? Know what I mean?
Conor
--
Conor Daly <conor.daly at oceanfree.net>
Domestic Sysadmin :-)
---------------------
Faenor.cod.ie
4:26pm up 33 days, 20:54, 0 users, load average: 0.00, 0.00, 0.00
Hobbiton.cod.ie
4:20pm up 33 days, 20:29, 2 users, load average: 0.26, 0.13, 0.09
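
Added example, not part of the original thread: a dry-run sketch of the interface-keyed rule set asked about above, built on the MASQUERADE target from the quoted reply. MASQUERADE takes the source address from the outgoing interface when each connection is set up, so the rules need no $EXTERNAL_IP and can be loaded before the link is dialled. The interface names ppp0/eth0, the current-kernel module names and the explicit CT helper rule are assumptions.

```shell
#!/bin/sh
# Added example: NAT rules keyed on interface names only, so they can be loaded
# once at boot and survive redials. Names below are assumptions, not the poster's.

# Print the rule set for an external and an internal interface.
emit_rules() {
    ext_if=$1 int_if=$2
    cat <<EOF
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
iptables -t raw -A PREROUTING -i $int_if -p tcp --dport 21 -j CT --helper ftp
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $int_if -o $ext_if -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $ext_if -j MASQUERADE
EOF
}
# On 2.4-era kernels the helpers were ip_conntrack_ftp / ip_nat_ftp and were
# attached automatically; recent kernels need the explicit CT --helper rule.
# The helper marks the active-mode data connection RELATED, which is what
# lets it through the FORWARD chain.

# True if the given text hard-codes a dotted-quad address.
has_literal_ip() {
    printf '%s\n' "$1" | grep -Eq '([0-9]{1,3}\.){3}[0-9]{1,3}'
}

# Print the rules; apply them only when APPLY=1 is set (needs root).
load_rules() {
    rules=$(emit_rules "$1" "$2")
    if has_literal_ip "$rules"; then
        echo "refusing: rule set contains a literal IP" >&2
        return 1
    fi
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}

load_rules ppp0 eth0
```
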