I have the following setup:
One computer running Slackware 9 with iptables 1.2.7a protecting a small home network with 4 computers on it. One of these computers (192.168.10.2) is running Windows 2003 and an FTP server (not IIS) hosting two "sites", one on port 1045 and the other on port 2069. But you can't connect to the FTP server from the internet using passive mode.
I could open up some ports to allow passive FTP to work, but I've heard/read somewhere that iptables could open ports for passive FTP on demand. I've tried using ip_conntrack_ftp and it gives me the ability to use passive FTP from clients in the network to servers on the internet, but I still can't use passive FTP from the internet to my server.
Is there any place where I can get some more information on using ip_conntrack_ftp and ip_nat_ftp?
My firewall script:
eth0=internet
eth1=network
# Load modules
modprobe ip_conntrack_ftp ports=21,1045,2069 # same port list for both helpers (the second site is 2069)
modprobe ip_nat_ftp ports=21,1045,2069
# Clear
iptables -F
iptables -t nat -F
# NAT
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # Start NAT
iptables -A OUTPUT -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT # Allow outgoing connections <-- Are those lines correct?
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow incoming traffic
# FTP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1045 -j DNAT --to 192.168.10.2 # FTP 1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2069 -j DNAT --to 192.168.10.2 # FTP 2
There are some more but it's just forwarding some ports for a number of programs.
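Added example, not the poster's script: a minimal rule set that loads both ftp helpers with one consistent port list, DNATs the two control ports to the server, and relies on RELATED state for the passive data connections instead of opening a static port range. The interfaces, server address and ports are taken from the post; the default-drop FORWARD policy, the explicit FORWARD rules and the RUN dry-run switch are this example's own choices.

```shell
#!/bin/sh
# Added example, not the poster's script: let the ftp conntrack/nat helpers
# follow the DNATed control connections on 1045 and 2069 and admit the
# passive data connections they negotiate. eth0/eth1, the server address and
# the two ports come from the post; the default-drop FORWARD policy and the
# explicit FORWARD rules are this example's choice.
# Dry run by default (rules are printed). Apply as root with:  RUN= sh ftp-nat.sh
RUN="${RUN-echo}"
WAN=eth0
LAN=eth1
FTP_SERVER=192.168.10.2
FTP_PORTS="1045 2069"   # control ports of the two FTP sites

load_ftp_helpers() {
    # Both helpers must get the same port list, or a control session on a
    # port only one of them tracks never gets its PASV reply rewritten.
    ports=21,$(echo $FTP_PORTS | tr ' ' ',')
    $RUN modprobe ip_conntrack_ftp ports="$ports"
    $RUN modprobe ip_nat_ftp ports="$ports"
}

ftp_rules() {
    $RUN sysctl -w net.ipv4.ip_forward=1
    $RUN iptables -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
    for p in $FTP_PORTS; do
        # Control connection: DNAT to the server and let it through FORWARD.
        $RUN iptables -t nat -A PREROUTING -i "$WAN" -p tcp --dport "$p" \
            -j DNAT --to-destination "$FTP_SERVER"
        $RUN iptables -A FORWARD -i "$WAN" -o "$LAN" -p tcp -d "$FTP_SERVER" \
            --dport "$p" -m state --state NEW -j ACCEPT
    done
    # Passive data connections: ip_nat_ftp rewrites the address in the
    # server's 227 reply and registers an expectation, so the client's data
    # connection arrives as RELATED and is DNATed to the server without a
    # static port range ever being opened.
    $RUN iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN hosts may still initiate outbound; anything else forwarded is dropped.
    $RUN iptables -A FORWARD -i "$LAN" -o "$WAN" -m state --state NEW -j ACCEPT
    $RUN iptables -P FORWARD DROP
}

load_ftp_helpers
ftp_rules
```

Run it once without RUN set to review the generated rules before applying them on the firewall.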