LinuxQuestions.org - Linux - Networking
Problem with Iptables (https://www.linuxquestions.org/questions/linux-networking-3/problem-with-iptables-793875/)

longvnit 03-07-2010 11:37 PM

Problem with Iptables
 
Hi everybody,
I am building a system that consists of a firewall server using iptables, a web server and an FTP server.

On the FTP server (IP: 192.168.1.2, GW: 192.168.1.1) I installed ProFTPD successfully. Within the LAN everything works.

On the firewall server: <IP PUBLIC> on eth0 and LAN IP 192.168.1.1 on eth1.

Iptables rules:

Code:

# Generated by iptables-save v1.3.5 on Sun Mar  7 21:01:16 2010
*nat
:PREROUTING ACCEPT [950:126970]
:POSTROUTING ACCEPT [89:5880]
:OUTPUT ACCEPT [19:1342]
-A PREROUTING -d <IP PUBLIC> -i eth0 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.1.2:21
-A POSTROUTING -s 192.168.1.2 -o eth0 -j SNAT --to-source <IP PUBLIC>
COMMIT
# Completed on Sun Mar  7 21:01:16 2010
# Generated by iptables-save v1.3.5 on Sun Mar  7 21:01:16 2010
*filter
:INPUT DROP [1599:157409]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [232:34452]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A FORWARD -i eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
COMMIT
# Completed on Sun Mar  7 21:01:16 2010

From the FTP server I can access the internet fine.
I checked port 21 on the public IP and it returns Open.

But when I use the ftp command it shows:
Code:

Connected to <IP PUBLIC>.
220 ProFTPD 1.3.3 Server (FTP Server) [192.168.1.2]
User (<IP PUBLIC>:(none)): longvnit
331 Password required for longvnit
Password:
230 User longvnit logged in
ftp> dir
200 PORT command successful
Aborting any active data connections...
ftp> bye

C:\Documents and Settings\LONGVNIT>ftp <IP PUBLIC>
Connected to <IP PUBLIC>.
220 ProFTPD 1.3.3 Server (FTP Server) [192.168.1.2]
User (<IP PUBLIC>:(none)): longvnit
331 Password required for longvnit
Password:
230 User longvnit logged in
ftp> dir
200 PORT command successful
425 Unable to build data connection: Connection timed out
ftp> dir
200 PORT command successful
425 Unable to build data connection: Connection timed out
ftp>

Please help me. Thanks!

smoker 03-08-2010 07:59 AM

You can't connect to a public IP from inside the network. Go somewhere else and test it.

Also read about the PASV FTP settings:
http://www.cyberciti.biz/faq/iptable...s-not-working/

nimnull22 03-08-2010 11:11 AM

You probably need to load a special iptables module to track FTP connections. It might be called "nf_nat_ftp" or "nf_nat_tftp". Check on it.

longvnit 03-08-2010 11:15 PM

Quote:

Originally Posted by smoker (Post 3890193)
You can't connect to a public IP from inside the network. Go somewhere else and test it.

Also read about the PASV FTP settings:
http://www.cyberciti.biz/faq/iptable...s-not-working/

I am not connecting from the LAN using the public IP; I am at another location.
Locally I connect using the LAN IP and it works.

The problem is: the FTP login succeeds but getting data fails.

smoker 03-09-2010 02:40 AM

That's because you have to set up PASV port forwarding.

mario.almeida 03-09-2010 02:44 AM

Hi,

Open the ftp-data port (20).

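The ruleset the last three replies point at (FTP connection-tracking helper, PASV port forwarding, ftp-data port 20), written out as an added example; this is not something posted in the thread and it is not the original poster's configuration. It keeps the addresses from the first post, but the public address (a TEST-NET placeholder for <IP PUBLIC>), the passive port range 50000-50100 and the `ftp_nat_rules` / `run` helper names are assumptions: the range must match a `PassivePorts 50000 50100` line in proftpd.conf. It also adds a raw-table `CT --helper ftp` rule, because kernels since 4.7 no longer attach the helper automatically. By default the script only prints the rules; set `APPLY=1` and run it as root to apply them.

```shell
#!/bin/sh
# Added example (not from the thread): iptables rules for active and passive FTP
# through a DNAT firewall with the FTP server on the LAN.
set -e

PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"   # assumption: placeholder for <IP PUBLIC>
FTP_SERVER="192.168.1.2"
PASV_RANGE="50000:50100"                  # assumption: must match PassivePorts in proftpd.conf
WAN=eth0
LAN=eth1

# Run a command, or print it when DRY_RUN is set, so the rules can be reviewed without root.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

ftp_nat_rules() {
    # 1. FTP helper: parses PORT/PASV on the control channel so the data connection is
    #    RELATED, and nf_nat_ftp rewrites the private 192.168.1.2 inside PASV replies.
    run modprobe nf_conntrack_ftp
    run modprobe nf_nat_ftp
    # Kernels >= 4.7 do not auto-assign helpers; attach it explicitly to port 21 flows.
    run iptables -t raw -A PREROUTING -i "$WAN" -p tcp --dport 21 -j CT --helper ftp

    # 2. Control channel and passive data ports: DNAT to the FTP server.
    run iptables -t nat -A PREROUTING -i "$WAN" -d "$PUBLIC_IP" -p tcp --dport 21 \
        -j DNAT --to-destination "$FTP_SERVER"
    run iptables -t nat -A PREROUTING -i "$WAN" -d "$PUBLIC_IP" -p tcp --dport "$PASV_RANGE" \
        -j DNAT --to-destination "$FTP_SERVER"

    # 3. SNAT so active-mode data connections the server opens from port 20 leave with the public address.
    run iptables -t nat -A POSTROUTING -s "$FTP_SERVER" -o "$WAN" -j SNAT --to-source "$PUBLIC_IP"

    # 4. Inbound from the WAN: only port 21 and the passive range may open NEW connections
    #    to the FTP server; everything else must be RELATED or ESTABLISHED (no blanket NEW).
    run iptables -A FORWARD -i "$WAN" -o "$LAN" -d "$FTP_SERVER" -p tcp --dport 21 \
        -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A FORWARD -i "$WAN" -o "$LAN" -d "$FTP_SERVER" -p tcp --dport "$PASV_RANGE" \
        -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A FORWARD -i "$WAN" -o "$LAN" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # 5. Outbound: the ftp-data connection (server port 20 towards the client) for active mode,
    #    then ordinary LAN internet access.
    run iptables -A FORWARD -i "$LAN" -o "$WAN" -s "$FTP_SERVER" -p tcp --sport 20 \
        -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$LAN" -o "$WAN" -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
}

# Number of iptables rules the function emits (dry run), for a quick self-check.
ftp_nat_rule_count() {
    (DRY_RUN=1; ftp_nat_rules) | grep -c '^iptables '
}

if [ "${APPLY:-0}" = "1" ]; then
    ftp_nat_rules
else
    (DRY_RUN=1; ftp_nat_rules)
fi
```

Two caveats when reading the transcript above against this ruleset. First, the original FORWARD rules already accept NEW connections leaving eth0, so an active-mode (PORT) transfer from the server's port 20 was never blocked by the firewall in the thread; a "425 Unable to build data connection: Connection timed out" after a successful PORT is just as often the client sitting behind its own NAT, and Windows ftp.exe has no passive mode, so retest from a client that can issue PASV. Second, without nf_nat_ftp the PASV reply carries 192.168.1.2 (the same private address visible in the 220 banner), so forwarding the passive range alone is not enough.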
