LinuxQuestions.org

Natting a FTP Traffic - urgent please!!!!! (https://www.linuxquestions.org/questions/linux-security-4/natting-a-ftp-traffic-urgent-please-339779/)

raja_lucky22 07-04-2005 02:36 AM

Natting a FTP Traffic - urgent please!!!!!
 
Hi,

I am relatively new to Linux. I am trying to set up NAT for the following scenario.

My setup has a client (A) which is a Linux machine, an intermediate gateway (B) which is also supposed to be a Linux box, and an FTP server (C).
I have a firewall in place on my FTP server, i.e. C, which says it can receive
FTP connections only from B (the intermediate gateway). So in order to make my client A do an FTP to server C, I wrote a set of NAT rules on all three machines.

Please note: my setup is such that all the FTP traffic that client A generates will be forwarded only to B.

FTP Request from A to C :

eth0A eth0B eth1B eth0C
A ----------------------> B ------------------------> C

eth0A --- 10.0.0.2
eth0B --- 10.0.0.1
eth1B --- 20.0.0.1
eth0C --- 20.0.0.2


My NAT rule on A:

iptables -t nat -A POSTROUTING -p tcp -s 10.0.0.2 --dport 21 -o eth0 -j SNAT --to 10.0.0.2:8075

NAT rules on B:

iptables -t nat -A POSTROUTING -p tcp -s 10.0.0.2 --sport 8075 -o eth1 -j SNAT --to 10.0.0.1:32000

iptables -t nat -A POSTROUTING -p tcp -s 10.0.0.2 --sport 8076 -o eth1 -j SNAT --to 10.0.0.1:33000

iptables -t nat -A OUTPUT -p tcp -d 10.0.0.1 --dport 32000 -o eth0 -j DNAT --to 10.0.0.2:8075
iptables -t nat -A OUTPUT -p tcp -d 10.0.0.1 --dport 33000 -o eth0 -j DNAT --to 10.0.0.2:8076


So after writing these rules I could initiate an FTP connection to C from both A and B. But unfortunately here is the problem I face: I couldn't establish
an FTP data connection (neither active nor passive) from A to C, though from B to C it is possible.

It says "FTP Error: 500 Illegal PORT Command". So I couldn't do any data transfer from my FTP server C to client A. I hope all the NAT rules I have written were correct.

BTW, if my understanding is right, with active FTP the data server initiates the data connection channel. So the ultimate stand-off is that by the time the packet reaches B, we can't find out for which client (A or B) the traffic is destined. So I am clearly confused about how to make my FTP from A to C work.

I desperately need help in this regard.
Thanks in advance.

Regards,
Rajasekaran.
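Added example, not part of the thread: a small Python model of why server C answers "500 Illegal PORT Command". An active-mode PORT command carries the client's own IP and port inside the FTP payload, and SNAT rewrites only the IP header, so C sees 20.0.0.1 as the control-connection peer but 10.0.0.2 inside the PORT line. The nat_helper_rewrite function sketches what an FTP application-level gateway (such as the kernel's FTP NAT helper module) does to the payload; the addresses are the thread's own, the function names are mine.

```python
import ipaddress
import re

# Addresses taken from the thread's topology (constructed sample values).
CLIENT_A = "10.0.0.2"        # A's address as seen by B
GATEWAY_B_OUTSIDE = "20.0.0.1"  # B's eth1, what C sees after SNAT

# RFC 959 PORT syntax: h1,h2,h3,h4,p1,p2 (four IP octets, then port = p1*256+p2)
PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r?\n?$")


def parse_port_command(line):
    """Decode a PORT command into (ip, port); raise on malformed input."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    fields = [int(x) for x in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % line)
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return ip, port


def build_port_command(ip, port):
    """Encode (ip, port) back into PORT syntax with CRLF."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return "PORT %s,%d,%d\r\n" % (",".join(octets), port >> 8, port & 0xFF)


def server_accepts_port(line, control_peer_ip):
    """Sanity check many FTP servers apply: the PORT address must equal the
    peer of the control connection and use a non-privileged port, otherwise
    the server replies '500 Illegal PORT command'."""
    ip, port = parse_port_command(line)
    return ip == control_peer_ip and 1024 <= port <= 65535


def nat_helper_rewrite(line, inside_ip, outside_ip, outside_port=None):
    """What an FTP ALG does that plain SNAT does not: rewrite the address
    (and, if the port was translated too, the port) embedded in the payload
    so it matches the translated source the server actually sees."""
    ip, port = parse_port_command(line)
    if ip != inside_ip:
        return line  # not this NAT's inside host; leave untouched
    return build_port_command(outside_ip, outside_port or port)
```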

Capt_Caveman 07-04-2005 06:56 AM

Please do not post the same thread more than once. Having multiple threads makes things confusing and wastes disk space. Thanks.

http://www.linuxquestions.org/rules.php
