Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Hello. So here is my issue in a nutshell. I need to take FTP requests that hit Server_A and forward them to Server_B. Server_B is not NATed... Server_B is another public server in a completely different location in the world. One thing to note is that I only have one NIC, which is why you will see both in and out as eth0. This is what I have in my iptables on SERVER_A:
iptables -A FORWARD -p tcp -i eth0 --sport 21 -o eth0 -d SERVER_B --dport 21 -m state --state NEW -j ACCEPT
iptables -A FORWARD -p tcp -i eth0 --sport 20 -o eth0 -d SERVER_B --dport 20 -m state --state NEW -j ACCEPT
I've also tried both of the above without the --sport option. When I FTP to SERVER_A (where the above iptables rules are) it connects to SERVER_A instead of forwarding to SERVER_B. Any help would be greatly appreciated. Thanks in advance!
This will change the packet's destination (dst) to go to server.b.
Replace ip.server.b.xx with the IP of server B.
Remember this will use your bandwidth for all transfers, because all data will pass through you.
Oh, and for the connections to come back I think you'll have to do a SNAT also :|
iptables -t nat -A POSTROUTING -m state --state ESTABLISHED,RELATED -p tcp --sport 20 -j SNAT --to ip.server.a.xx
I used state to make sure other packets can't be SNATed, except for established and related connections with source port 20.
Note that YOU SHOULD also put the ip.server.b.xx address in the above ... just to be sure.
It is exactly what I want to do, but it does not work for passive FTP.
As you know, passive FTP uses two ports: 21, which carries the commands, and any port from about 30000 to 65000 to transfer the data.
When the client reaches the final FTP server (server B) it has the IP of server A (as the client IP was NATed); server B answers with the port number to use for data transfer, and this answer goes through server A and then to the client.
At this moment the client knows what port to use for data transfer and tries to connect to this port.
The problem is that the client, instead of connecting to server A (which forwards to server B), goes directly to server B, which does not know what it wants, as the IP is, of course, different from that of server A (which NATed the client IP), to which it answered earlier.
How is it possible to have the client connect to the data port through the same path (Client ==> Server A ==> Server B)?
My problem is not on port 21; it is on the ports used to transfer data (ports 30000 to 65000), which are opened after port 21 on a second connection. It is this second connection that is posing problems.
That's why I suggested loading nf_nat_ftp. It should dynamically forward ports and rewrite the addresses in FTP control traffic, unless the data connection is using IPv6.
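The complete rule set that the two replies above describe, as an added example that is not code from the thread: a DNAT redirect on Server A, SNAT so replies return through it, and the FTP conntrack/NAT helper so the passive-mode data connection from the earlier post is rewritten and follows the same path. It assumes eth0 as the single interface and uses 192.0.2.10 for Server A and 198.51.100.20 for Server B as placeholders; the function names, WAN_IF and FTP_PORT are this example's own. By default it only prints the commands so you can review them before running them as root.

```shell
#!/bin/sh
# Added example, not code from the thread. Prints the netfilter rules that relay
# FTP arriving at Server A to Server B, with the FTP conntrack helper so that
# PASV/PORT data connections follow the same path as the control connection.
# WAN_IF, FTP_PORT, the function names and the placeholder addresses are this
# example's own assumptions.
set -eu

WAN_IF=eth0     # single NIC: traffic enters and leaves on the same interface
FTP_PORT=21

# ftp_relay_rules A_IP B_IP -> prints the commands; nothing is executed here.
ftp_relay_rules() {
    a="$1"; b="$2"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
# Kernels since 4.7 do not attach conntrack helpers automatically (the
# nf_conntrack_helper sysctl was removed in 6.0), so bind the ftp helper to the
# control connection explicitly. raw/PREROUTING runs before nat/PREROUTING,
# so the destination is still ${a} here.
iptables -t raw -A PREROUTING -i ${WAN_IF} -p tcp -d ${a} --dport ${FTP_PORT} -j CT --helper ftp
# Redirect the control connection: client -> ${a}:${FTP_PORT} becomes client -> ${b}:${FTP_PORT}.
iptables -t nat -A PREROUTING -i ${WAN_IF} -p tcp -d ${a} --dport ${FTP_PORT} -j DNAT --to-destination ${b}:${FTP_PORT}
# Source-NAT everything forwarded to ${b} so its replies come back through ${a}.
# Data connections expected by the helper inherit this NAT, and nf_nat_ftp
# rewrites the address inside the PASV reply from ${b} to ${a}.
iptables -t nat -A POSTROUTING -o ${WAN_IF} -p tcp -d ${b} -j SNAT --to-source ${a}
# Only the control connection may open a NEW forwarded flow; data connections
# in either direction arrive as RELATED, created by the helper's expectation.
iptables -A FORWARD -i ${WAN_IF} -o ${WAN_IF} -p tcp -d ${b} --dport ${FTP_PORT} -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i ${WAN_IF} -o ${WAN_IF} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ${WAN_IF} -o ${WAN_IF} -j DROP
EOF
}

# iptables_rule_count A_IP B_IP -> number of iptables commands generated
iptables_rule_count() {
    ftp_relay_rules "$1" "$2" | grep -c '^iptables '
}

# Dry-run by default; set FTP_RELAY_APPLY=1 (as root, with A_IP/B_IP set) to apply.
if [ "${FTP_RELAY_APPLY:-0}" = 1 ]; then
    ftp_relay_rules "$A_IP" "$B_IP" | sh -e
else
    ftp_relay_rules "${A_IP:-192.0.2.10}" "${B_IP:-198.51.100.20}"
fi
```

The FORWARD rules match only on destination port: a client's control connection arrives from an ephemeral source port, so a `--sport 21` match never sees the initial SYN. The data connection is accepted as RELATED because nf_conntrack_ftp creates an expectation from the PASV or PORT line, and nf_nat_ftp rewrites the address in that line to Server A's, which is what the passive-mode problem described earlier needs. Two caveats: the helper can only do this when it can read the control channel, so FTPS (AUTH TLS) cannot be relayed this way, and every transfer still crosses the relay's own link, as the first reply noted.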
Well, it worked perfectly on two different test machines but not on the one that I want to use it on... can you believe it?
I have done the same setup but I cannot get the data port to work all the time!
On the same PC, if I connect to the FTP server with Firefox it works well all the time; if I try with FileZilla it does not work, I cannot list files and folders.
If I try from my iPhone using my home Wifi it works all the time; if I try using the same iPhone over the 3G connection it does not work. If I try with the same iPhone from another Wifi spot, it does not work.
So, sometimes it works, sometimes it does not work. Of course I cannot say "it is OK"; I have to find out why...
The only difference between the 3 servers is that the one that does not work is not connected to a router; it is connected "directly" to the Internet through the data center equipment (their equipment is supposed to be transparent).
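A quick way to pin down the intermittent failures described above, as an added diagnostic that is not from the thread: capture the 227 reply on a failing client and decode it. If the address inside it is Server B's rather than Server A's, the helper did not rewrite that reply and the client will go straight to Server B, which is exactly the symptom reported earlier. The function names and sample replies are constructed for this example; 192.0.2.10 stands for Server A and 198.51.100.20 for Server B.

```shell
#!/bin/sh
# Added diagnostic, not code from the thread. Decodes an FTP
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply and reports whether the
# address it advertises is the relay's (Server A) or the origin server's
# (Server B). Function names and sample replies are this example's own
# constructions; 192.0.2.10 stands for Server A, 198.51.100.20 for Server B.
set -eu

# pasv_endpoint REPLY -> prints "ip port" decoded from a 227 reply, fails otherwise
pasv_endpoint() {
    # keep only the six comma-separated numbers between the parentheses
    tuple=$(printf '%s\n' "$1" | sed -n 's/.*(\([0-9,]*\)).*/\1/p')
    [ -n "$tuple" ] || { echo "not a 227 reply: $1" >&2; return 1; }
    old_ifs=$IFS; IFS=,; set -- $tuple; IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    # the port is sent as two bytes, high byte first
    printf '%s.%s.%s.%s %s\n' "$1" "$2" "$3" "$4" $(( $5 * 256 + $6 ))
}

# pasv_check REPLY RELAY_IP -> "relayed" if the reply points at the relay,
# "leaked" if it points at any other host (the client will bypass the relay)
pasv_check() {
    ep=$(pasv_endpoint "$1") || return 1
    ip=${ep% *}
    if [ "$ip" = "$2" ]; then echo relayed; else echo leaked; fi
}

# Constructed sample replies, as a failing client would see them with
#   tcpdump -nA -i eth0 'tcp src port 21' | grep -a 'Entering Passive'
good='227 Entering Passive Mode (192,0,2,10,195,80)'    # rewritten to Server A
bad='227 Entering Passive Mode (198,51,100,20,195,80)'  # Server B leaked through
pasv_endpoint "$good"
pasv_check "$good" 192.0.2.10
pasv_check "$bad" 192.0.2.10
```

On the relay itself the matching check is whether the helper is actually attached to the control connection: `conntrack -L -p tcp --dport 21` shows `helper=ftp` on the entry when it is, and without that the PASV reply passes through unmodified.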