LinuxQuestions.org
Closed Thread
Old 07-04-2005, 02:36 AM   #1
raja_lucky22
LQ Newbie
 
Registered: Jul 2005
Posts: 3

Rep: Reputation: 0
Natting a FTP Traffic - urgent please!!!!!


Hi,

I am relatively new to Linux. I am trying to do NAT for the following scenario.

My setup has a client (A), which is a Linux machine, an intermediate gateway (B), which is also supposed to be a Linux box, and an FTP server (C).
I have a firewall in place on my FTP server, i.e. C, which says it can receive FTP connections only from B (the intermediate gateway). So in order to let my client A do FTP to server C, I wrote a set of NAT rules on all three machines.

Please note: my setup is such that all the FTP traffic that client A generates will be forwarded only to B.

FTP request from A to C:

  eth0A              eth0B   eth1B                  eth0C
A ----------------------> B ------------------------> C

eth0A --- 10.0.0.2
eth0B --- 10.0.0.1
eth1B --- 20.0.0.1
eth0C --- 20.0.0.2


My NAT rules on A:

iptables -t nat -A POSTROUTING -p tcp -s 10.0.0.2 --dport 21 -o eth0 -j SNAT --to 10.0.0.2:8075

NAT rules on B:

iptables -t nat -A POSTROUTING -p tcp -s 10.0.0.2 --sport 8075 -o eth1 -j SNAT --to 10.0.0.1:32000

iptables -t nat -A POSTROUTING -p tcp -s 10.0.0.2 --sport 8076 -o eth1 -j SNAT --to 10.0.0.1:33000

iptables -t nat -A OUTPUT -p tcp -d 10.0.0.1 --dport 32000 -o eth0 -j DNAT --to 10.0.0.2:8075
iptables -t nat -A OUTPUT -p tcp -d 10.0.0.1 --dport 33000 -o eth0 -j DNAT --to 10.0.0.2:8076


So after writing these rules I could initiate an FTP connection to C from both A and B. But unfortunately here is the problem I face: I couldn't establish an FTP data connection (neither active nor passive) from A to C, though from B to C it's possible.

It says FTP Error: 500 Illegal PORT Command. So I couldn't do any data transfer from my FTP server C to client A. I hope all the NAT rules I have written were correct.

BTW, if my understanding is right, if it's an active FTP, the server initiates the data connection channel. So the ultimate standoff is that by the time the packet reaches B, we couldn't find which client (A or B) the traffic is destined for. So I am clearly confused about how to make my FTP from A to C work.

I desperately need help in this regard.
Thanks in advance.

Regards ,
Rajasekaran .
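
An added example (not part of the original post, and not any FTP server's own code) of where `500 Illegal PORT Command` comes from in this setup: in active mode the client's address and data port travel inside the control-channel payload, which SNAT rules on the packet header never touch. It assumes the server compares the PORT address with the control connection's source address, as many FTP servers do; the function names are hypothetical and the sample PORT line is constructed from the addresses and ports in the post.

```python
import ipaddress
import re

# RFC 959: PORT h1,h2,h3,h4,p1,p2  (IPv4 octets, then port = p1*256 + p2)
PORT_RE = re.compile(r"^PORT ((?:\d{1,3},){5}\d{1,3})\r?\n?$")

def parse_port(line):
    """Return (IPv4Address, port) carried in a PORT command or raise ValueError."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    nums = [int(n) for n in m.group(1).split(",")]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % line)
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def server_reply(port_line, control_peer_ip):
    """Assumed server-side check: the PORT address must match the source
    address of the control connection, and the port must be unprivileged."""
    try:
        ip, port = parse_port(port_line)
    except ValueError:
        return "501 Syntax error in parameters"
    if ip != ipaddress.IPv4Address(control_peer_ip) or port < 1024:
        return "500 Illegal PORT command"
    return "200 PORT command successful"

def nat_rewrite_port(port_line, nat_ip, nat_port):
    """Rewrite the payload the way a NAT FTP helper on the gateway must:
    swap the client's private address/port for the translated pair."""
    parse_port(port_line)  # refuse to rewrite anything that is not a valid PORT
    octets = str(ipaddress.IPv4Address(nat_ip)).replace(".", ",")
    return "PORT %s,%d,%d\r\n" % (octets, nat_port // 256, nat_port % 256)

if __name__ == "__main__":
    # Constructed sample: A (10.0.0.2) offers data port 8076; C sees the control
    # connection arriving from the SNAT address used in the post, 10.0.0.1.
    from_a = "PORT 10,0,0,2,31,140\r\n"
    print(parse_port(from_a))
    print("as sent by A:  ", server_reply(from_a, "10.0.0.1"))
    fixed = nat_rewrite_port(from_a, "10.0.0.1", 33000)
    print("after rewrite: ", fixed.strip(), "->", server_reply(fixed, "10.0.0.1"))
```

On a Linux gateway this payload rewrite is the job of the FTP connection-tracking and NAT helper modules (`nf_conntrack_ftp` and `nf_nat_ftp` on current kernels), not of per-port SNAT/DNAT rules.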
 
Old 07-04-2005, 06:56 AM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Please do not post the same thread more than once. Having multiple threads makes things confusing and wastes disk space. Thanks.

http://www.linuxquestions.org/rules.php
 
  

