LinuxQuestions.org


JHuizingh 03-01-2002 06:36 PM

FTP Through IPTables
 
I have a linux box set up to do IP Masquerading using iptables and a pretty simple script I found on the net.

When I try and connect to an ftp host using either a computer behind the IP Masquerading box or the actual box that's doing the masquerading, I can connect and login, but when I try and list a directory it just waits for a long time.

I'm pretty sure this has something to do with the IP Masquerading, but what? And how do I fix it?

iamnotherbert 03-01-2002 11:32 PM

I can try to help..
Couple things come to mind ..

Have you tried PASV?

Do you have the proper kernel modules loaded for ftp?

I believe you need to have the following modules.

ip_conntrack_ftp
ip_nat_ftp
ip_vs_ftp

What does your script look like?

-D

bbenz3 03-02-2002 09:31 PM

Make sure that both port 21 and 20 are being forwarded correctly. From my understanding port 21 does part of the work in ftp (i.e. login) and 20 does some of the other.

Griffon26 03-03-2002 05:44 AM

Re: FTP Through IPTables
 
Quote:

Originally posted by JHuizingh
When I try and connect to an ftp host using either a computer behind the IP Masquerading box or the actual box that's doing the masquerading, I can connect and login, but when I try and list a directory it just waits for a long time.

The fact that it is also a problem when connecting from the box doing the masquerading indicates it's a problem on the other side. The FTP server is behind a firewall and is not configured properly. This means you will have to use PASV (passive) mode.

Passive mode will make sure that any connections made for transfers are initiated by the ftp server and not by your box. Obviously if they are initiated by your box, they bounce off the firewall at the other end and do not reach the FTP server.

JHuizingh 03-06-2002 03:14 PM

Sorry it took me so long to respond to your replies, I haven't had much time to work on the computer in the past week. Well, here is what my iptables script looks like:

modprobe ipt_MASQUERADE
modprobe iptable_filter
modprobe ipt_state
iptables -F
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -P INPUT DROP

It's pretty much an exact copy of one I found on the net. The modules that I load at the top are the only ones installed, so I'm not using the other ones. What do I have to do to use those too?
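
Added example (not part of any poster's message, and not the kernel's code): a simplified Python sketch of the kind of work the ip_conntrack_ftp and ip_nat_ftp modules named earlier in the thread do on the FTP control channel, which is what lets the data connection match the script's --state ESTABLISHED,RELATED rule. Function names and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
import re

# RFC 959 host-port: h1,h2,h3,h4,p1,p2 as decimal bytes.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(line, prefix):
    """Return (ip, port) from a control line starting with prefix, else None."""
    text = line.strip()
    if not text.upper().startswith(prefix):
        return None
    m = _HOSTPORT.search(text[len(prefix):])
    if m is None:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def expect_active_data(line, client_ip, server_ip):
    """Tracking step: (src, dst, dport) of the connect-back a PORT announces."""
    parsed = parse_hostport(line, "PORT ")
    if parsed is None:
        return None
    ip, port = parsed
    # Only accept the client's own address, so a PORT line cannot open a
    # path to some other host behind the firewall.
    if ipaddress.ip_address(ip) != ipaddress.ip_address(client_ip):
        return None
    return server_ip, ip, port

def nat_rewrite_port(line, public_ip):
    """NAT step: swap the private address in PORT for the masquerade address."""
    parsed = parse_hostport(line, "PORT ")
    if parsed is None:
        return line  # not a PORT command: pass through unchanged
    port = parsed[1]  # simplification: this sketch keeps the client's port
    return "PORT {},{},{}\r\n".format(public_ip.replace(".", ","), port // 256, port % 256)

# Constructed sample values (documentation address ranges), not from the thread.
CLIENT, PUBLIC, SERVER = "192.168.0.10", "203.0.113.7", "198.51.100.20"
PORT_LINE = "PORT 192,168,0,10,4,1\r\n"
PASV_REPLY = "227 Entering Passive Mode (198,51,100,20,195,80).\r\n"

if __name__ == "__main__":
    print(expect_active_data(PORT_LINE, CLIENT, SERVER))
    print(nat_rewrite_port(PORT_LINE, PUBLIC).strip())
    print(parse_hostport(PASV_REPLY, "227 "))
```

Without the rewrite step the server would be told to connect back to 192.168.0.10, an address it cannot reach from outside the masquerading box.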

bbenz3 03-08-2002 11:37 PM

I am having somewhat of a similar problem. I am using passive mode and I can connect to the server and do anything I want from anywhere, but the router/firewall box itself. I would really like to be able to do this since I would like to be able to backup my scripts and stuff to my main system from the router.


All times are GMT -5.