Hi all,
My apologies if this has been answered. It has been more than a long half day trying to get my FTP server working, but no luck yet. Here is what my setup is:
internet--->linux router--->ftpserver(FileZilla on Windows XP) and some other PCs.
If you ask why I don't run the FTP server on Linux: I have ispconfig with http, email and other services running on the Linux box. The FTP server on Windows is just for general purposes, not a critical one.
The command below was done for FTP DNAT, with no luck.
$IPT -t nat -A PREROUTING -i $INET_IFACE -p tcp --dport 20:21 -j DNAT --to 192.168.1.3
I can access the FTP server on XP from the LAN, but not from the outside world. Below is my iptables config.
########################iptables config########################
#!/bin/bash
###########################################################################
#
# 4. IPTables rules set up.
#
# Set default policies for the INPUT, FORWARD and OUTPUT chains.
#
$IPT -P INPUT ACCEPT #DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
#
# Do some checks for obviously spoofed IP's
#
$IPT -A INPUT -i $INET_IFACE -s 192.168.0.0/16 -j DROP
$IPT -A INPUT -i $INET_IFACE -s 10.0.0.0/8 -j DROP
$IPT -A INPUT -i $INET_IFACE -s 172.16.0.0/12 -j DROP
#blocking Yan Naung computer mac address
#iptables -A FORWARD -i eth0 -m mac --mac-source 00:16:e6:d7:04:92 -j LOG --log-prefix xxxxx
#iptables -A FORWARD -i eth0 -m mac --mac-source 00:16:e6:d7:04:92 -j DROP
##############################################################################
#
#ALLOWING PARTS
#
#
# Rules for special networks not part of the Internet
#
$IPT -A INPUT -p ALL -i $LAN_IFACE -d $LAN_BCAST_ADD -j ACCEPT
$IPT -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPT -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPT -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
$IPT -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IPRANGE -j ACCEPT
#allow WEB server, Email server, ISPCONFIG
#iptables -t nat -A PREROUTING -i $IFACE -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1
$IPT -A INPUT -p tcp --dport 80:81 -j ACCEPT
$IPT -A INPUT -p tcp --dport 110 -j ACCEPT
$IPT -A INPUT -p tcp --dport 25 -j ACCEPT
$IPT -A INPUT -p tcp --dport 443 -j ACCEPT
#allow ASTERISK VOIP Server
$IPT -A INPUT -p tcp --dport 5060:5061 -j ACCEPT
$IPT -A INPUT -p udp --dport 5060:5061 -j ACCEPT
$IPT -A INPUT -p udp --dport 10000:20000 -j ACCEPT
$IPT -A FORWARD -o $INET_IFACE -p udp --dport 5060:5061 -j ACCEPT
$IPT -A FORWARD -o $INET_IFACE -p tcp --dport 5060:5061 -j ACCEPT
$IPT -A FORWARD -o $INET_IFACE -p udp --dport 10000:20000 -j ACCEPT
#allow ftp server at 192.168.1.3**************************************
$IPT -t nat -A PREROUTING -i $INET_IFACE -p tcp --dport 20:21 -j DNAT --to 192.168.1.3
#allow already established connections
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#allow forward any related/established packets from $INET_IFACE to LAN
$IPT -A FORWARD -i $INET_IFACE -o $LAN_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
#allow any outputs from LAN
$IPT -A INPUT -m state --state NEW -i ! $INET_IFACE -j ACCEPT
#allow forward anything from LAN to INTERNET
$IPT -A FORWARD -i $LAN_IFACE -o $INET_IFACE -j ACCEPT
Hummm,
Strange: when I nmap, I don't even see port 21 there. This is what I got when I nmapped; the nmap was done from another computer. Any ideas?
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
81/tcp open hosts2-ns
110/tcp open pop3
111/tcp open rpcbind
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
833/tcp open unknown
901/tcp open samba-swat
993/tcp open imaps
995/tcp open pop3s
2000/tcp open callbook
3306/tcp open mysql
Hi
Thanks for the replies. The FTP server can be connected to from inside the LAN; it just seems iptables is not DNATing it. I need to fiddle around a bit more, I guess.
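
An offline pre-flight check for the setup in this thread (FTP DNATed through a Linux router to 192.168.1.3), added here as an example and not part of any poster's message. The function name `check_ftp_dnat`, its finding labels and the sample captures are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: offline pre-flight check for DNAT-forwarding FTP to a LAN host.
# Data connections (active or passive) are negotiated inside the port-21
# control channel; the conntrack/NAT FTP helpers are what make them match
# RELATED and get their addresses rewritten. Sample data below is constructed.

# check_ftp_dnat IP_FORWARD MODULES_TEXT NAT_RULES_TEXT SERVER_IP
# Prints one finding per line; prints nothing when all checks pass.
check_ftp_dnat() {
    cfd_fwd=$1 cfd_mods=$2 cfd_rules=$3 cfd_srv=$4

    # 1. The router must forward packets between its interfaces.
    [ "$cfd_fwd" = "1" ] || echo "FORWARDING_OFF: echo 1 > /proc/sys/net/ipv4/ip_forward"

    # 2. A nat PREROUTING rule must DNAT the control port (21) to the server.
    if ! printf '%s\n' "$cfd_rules" | grep -Fw -- "$cfd_srv" |
         grep -Eq -- '-A PREROUTING .*--dport (21|20:21) .*-j DNAT'; then
        echo "NO_DNAT_PORT21: no PREROUTING DNAT of tcp/21 to $cfd_srv"
    fi

    # 3. Both FTP helpers must be loaded (nf_* today, ip_* on older kernels).
    #    Helpers built into the kernel do not appear in /proc/modules.
    for cfd_h in conntrack_ftp nat_ftp; do
        if ! printf '%s\n' "$cfd_mods" | grep -Eq "^(nf|ip)_${cfd_h} "; then
            echo "HELPER_MISSING: modprobe nf_${cfd_h} (ip_${cfd_h} on older kernels)"
        fi
    done
}

# Constructed captures in iptables-save and /proc/modules format.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 20:21 -j DNAT --to-destination 192.168.1.3
COMMIT'
SAMPLE_MODULES='iptable_nat 16384 1 - Live 0x0000000000000000
nf_conntrack 172032 2 nf_nat, Live 0x0000000000000000'

check_ftp_dnat 1 "$SAMPLE_MODULES" "$SAMPLE_RULES" 192.168.1.3

# Live use on the router, as root:
#   check_ftp_dnat "$(cat /proc/sys/net/ipv4/ip_forward)" "$(cat /proc/modules)" \
#                  "$(iptables-save -t nat)" 192.168.1.3
```

Because the DNAT rule matches only on `-i $INET_IFACE`, a port scan confirms it only when run from a host beyond that interface; a scan from the LAN side never reaches the rule.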