how to port forward

talusog · 03-22-2007, 10:33 PM

hello everyone..
what is the command to forward port 21(ftp) request to 192.168.x.xx(this acts as a ftp server) in my linux gateway.i am using mandrake 10.can anybody pls help me.i cannot connect to my ftp server when i try to access it outside.

Quigi · 03-23-2007, 08:45 AM

Usually 'iptables', but I don't know Mandrake. Iptables is discussed plenty and recently on linuxquestions.

You probably have NAT-HOWTO.html right on your coputer, maybe in /usr/share/doc/iptables/html/ -- otherwise see http://www.netfilter.org/documentati...NAT-HOWTO.html. It states that port forwarding is a form of DNAT, and explains how to do it.

linuxjamil · 03-23-2007, 02:59 PM

I dont know why u need to forward the port as 21 port data connefction port already assigned for ftp service ...used for enabling data control connection for ftp server

ethics · 03-23-2007, 08:11 PM

Quote:

Originally Posted by linuxjamil

I dont know why u need to forward the port as 21 port data connefction port already assigned for ftp service ...used for enabling data control connection for ftp server

If his linux gateway is infact a gateway as suggested, he would need to forward the connections onto a machine running the ftp server...

talusog · 03-24-2007, 10:38 PM

yah.i have a linux gateway which is also a proxy cahing server(squid)and i want to forward ftp connections to my ftp server(cerberus ftp)that runs on windows 2003 which is inside my network.i have no bright idea about port forwarding on linux so i jump into this forum for help and info..anyway i have done searching and looking at some linux forums and someone suggested that i should used rinetd but further searching revealed that rinetd does not redirect ftp because ftp uses more that one socket.another one suggested that i should do this iptable rule on my firewall script:

iptables -t nat -I PREROUTING -p tcp -i INTERNET --dport 21 -j DNAT --to 192.168.x.xx:21

where INTERNET is my gateway(eth0).

is that correct? or is there anything else that i should do.how about rinetd?is it true that rinetd wont work on ftp or is there a workaround for it?

thanks for all the help and suggestions.

fotoguy · 03-28-2007, 01:57 AM

Quote:

Originally Posted by talusog

yah.i have a linux gateway which is also a proxy cahing server(squid)and i want to forward ftp connections to my ftp server(cerberus ftp)that runs on windows 2003 which is inside my network.i have no bright idea about port forwarding on linux so i jump into this forum for help and info..anyway i have done searching and looking at some linux forums and someone suggested that i should used rinetd but further searching revealed that rinetd does not redirect ftp because ftp uses more that one socket.another one suggested that i should do this iptable rule on my firewall script:

iptables -t nat -I PREROUTING -p tcp -i INTERNET --dport 21 -j DNAT --to 192.168.x.xx:21

where INTERNET is my gateway(eth0).

is that correct? or is there anything else that i should do.how about rinetd?is it true that rinetd wont work on ftp or is there a workaround for it?

thanks for all the help and suggestions.

Yeah that's getting the idea, but you also need to turn on port forwarding in the kernel if it's not already turned on, most distro's will not turn it on by default. try

turn on ip forwarding:

Code:

echo "1" > /proc/sys/net/ipv4/ip_forward

turn off ip forwarding

Code:

echo "0" > /proc/sys/net/ipv4/ip_forward

And then you will need a forwarding rule to allow the packet to now traverse the forward chain:

Code:

iptables -A FORWARD -p tcp -i INTERNET --dport 21 -d 192.168.x.xx -j ACCEPT

And I think you will need to load the modules for ftp tracking, this is used to except the data port 20 that ftp uses

Code:

/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp