If you cannot even connect to your FTP server from the local LAN (i.e. ftp 192.168.1.2) then something is wrong with the configuration of your server or your whole network configuration. Having NAT to the Internet should have no influence on connections that stay inside your LAN.
For others to be able to connect to your FTP server from outside your LAN, you need to configure the router to forward incoming connections from the Internet on ports 20 and 21 to your FTP server.
This could be done like the following:
First you need to accept incoming connections on these ports:
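# Connections that are DNATed to another host pass through the FORWARD chain, not INPUT
iptables -A FORWARD -i ppp0 -p tcp -d 192.168.1.2 --destination-port 20 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i ppp0 -p tcp -d 192.168.1.2 --destination-port 21 -m state --state NEW -j ACCEPT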
Then you need to translate the connections' destination addresses (from your router's ppp0 to your ftp server's eth0) and forward them to your ftp server:
iptables -t nat -A PREROUTING -i ppp0 -p tcp --destination-port 20 -j DNAT --to-destination 192.168.1.2
iptables -t nat -A PREROUTING -i ppp0 -p tcp --destination-port 21 -j DNAT --to-destination 192.168.1.2
I have not tested this but to my knowledge it should work. Anyone please feel free to correct or supplement me. If you do not understand what these iptables lines do then consult man iptables or any iptables/NAT howto on the web.
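
The port forward described in the post, written as one ruleset in iptables-restore format so it can be checked before loading. This is an added example, not part of the original post: the function names are hypothetical, the filter rules sit on FORWARD because DNATed packets are routed through the router, and the raw-table helper rule assumes the nf_conntrack_ftp and nf_nat_ftp modules are loaded.

```shell
#!/bin/sh
# Added example, not from the original post. ppp0, 192.168.1.2 and ports
# 20/21 are the post's values; the function names are hypothetical.

valid_ipv4() {
    # Reject anything but digits and single dots before splitting.
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

ftp_forward_ruleset() {
    wan=${1:-ppp0}
    server=${2:-192.168.1.2}
    # These values are pasted into firewall rules, so validate them strictly.
    case $wan in ''|-*|*[!A-Za-z0-9_.-]*)
        echo "bad interface: $wan" >&2; return 1 ;;
    esac
    valid_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }
    cat <<EOF
*raw
# Assumption: nf_conntrack_ftp/nf_nat_ftp are loaded; the helper lets
# conntrack classify FTP data connections as RELATED.
-A PREROUTING -i $wan -p tcp --dport 21 -j CT --helper ftp
COMMIT
*nat
-A PREROUTING -i $wan -p tcp --dport 20 -j DNAT --to-destination $server
-A PREROUTING -i $wan -p tcp --dport 21 -j DNAT --to-destination $server
COMMIT
*filter
# Replies and helper-tracked data connections, then the new inbound ones.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $wan -d $server -p tcp --dport 20 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $wan -d $server -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the post's values; pipe it to
# "iptables-restore --test" on the router to parse it without applying.
ftp_forward_ruleset ppp0 192.168.1.2
```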