Hi mntdew,
I don't think this is going to work for you. It looks to me as though the program is designed to run on the FTP server, which is why there is no possibility of specifying it; it's assumed to be localhost.
I might be wrong, but the way I envision your setup is Box1 is running the program that interfaces with the webstore; Box2 has the FTP server on it, and Box3 is running MySQL. You want the FTP traffic that Box1 receives to be forwarded to Box2 via iptables, while the MySQL traffic can be handled by the program (since the MySQL host server can be configured).
The problem I see is this: If the program needs to be told the FTP username, password, and path, it seems to me that information will not be provided by the remote users. Thus, you could (possibly) forward the port 21 traffic to a different host, perhaps using:
Code:
iptables -t nat -A PREROUTING -p tcp -d $PUBLICIP --dport 21 -j DNAT --to-destination $OTHERHOSTIP:21
(disclaimer -- untested)
However, *if* that works, the packets so forwarded will not have the information needed to establish and maintain an FTP session: If they did, then why does the program require that configuration information? Since iptables works at a (much) lower level, the program will not ever see the traffic forwarded off by iptables. So why ask for FTP information at all?
If you cannot specify the FTP host, then the FTP host must either be hard-coded, or be assumed to be the localhost, or is configured elsewhere. If it is the localhost (from my understanding above, Box2), then...why use FTP at all?
Or maybe I'm missing something...it *has* been a rather long day.
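An added example (not from the poster above) that fills in what a bare DNAT rule leaves out: FTP opens a second data connection, so the gateway also needs IP forwarding enabled, the FTP conntrack helper assigned, and FORWARD rules that admit only the forwarded control connection and its RELATED data connections. The addresses are constructed examples; the script prints the rules by default and applies them only when given the argument "apply".

```shell
# Build (and optionally apply) the iptables rule set for forwarding FTP that
# arrives at PUBLIC_IP on this gateway to the real FTP server FTP_HOST.
is_ipv4() {
    # Accept only dotted quads so a typo cannot produce a DNAT to the wrong host.
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    dots=$(printf '%s' "$1" | tr -dc .)
    [ "${#dots}" -eq 3 ]
}

ftp_dnat_rules() {
    public_ip="$1"; ftp_host="$2"
    is_ipv4 "$public_ip" && is_ipv4 "$ftp_host" || return 1
    cat <<EOF
# Routing between interfaces is off by default on most distributions
sysctl -w net.ipv4.ip_forward=1
# Track FTP so the separate data connection is seen as RELATED and NATed as well
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
iptables -t raw -A PREROUTING -p tcp -d $public_ip --dport 21 -j CT --helper ftp
# Control channel: rewrite the destination to the real FTP server
iptables -t nat -A PREROUTING -p tcp -d $public_ip --dport 21 -j DNAT --to-destination $ftp_host:21
# Admit only the forwarded control connection and its related data connections
iptables -A FORWARD -p tcp -d $ftp_host --dport 21 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}

PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"   # constructed example addresses
FTP_HOST="${FTP_HOST:-192.0.2.20}"
if [ "${1:-}" = "apply" ]; then
    ftp_dnat_rules "$PUBLIC_IP" "$FTP_HOST" | sh -e
else
    ftp_dnat_rules "$PUBLIC_IP" "$FTP_HOST"
fi
```

The FTP server on FTP_HOST still has to be the one that knows the usernames and paths; nothing here hands the program on Box1 any part of the session, which is the point made above.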