LinuxQuestions.org


wilco 02-28-2004 10:18 PM

Forwarded ftp immediately drops connection
 
Hi, I have a really strange problem. I am trying to forward HTTP and FTP traffic from my firewall with a public IP to an internal server with a private IP. The HTTP forwarding works without a problem, but when I use the exact same rule to forward the FTP port, the connection starts up but immediately drops. The logging for my FTP forward reveals this:

Client->FTP Server: SYN
FTP Server->Client: ACK SYN
Client->FTP Server: ACK
FTP Server->Client: ACK PSH
FTP Server->Client: ACK PSH
FTP Server->Client: ACK PSH
FTP Server->Client: ACK PSH
Client->FTP Server: RST

I have the following modules loaded in the kernel (2.4.24 from Debian 3.0):
ipt_LOG 3448 2 (autoclean)
ipt_state 568 0 (autoclean)
ipt_MASQUERADE 1560 0 (autoclean)
iptable_filter 1740 1 (autoclean)
ip_nat_ftp 2928 0 (unused)
iptable_nat 17134 2 [ipt_MASQUERADE ip_nat_ftp]
ip_tables 12544 7 [ipt_LOG ipt_state ipt_MASQUERADE iptable_filter iptable_nat]
ip_conntrack_ftp 4176 1
ip_conntrack 20100 3 [ipt_state ipt_MASQUERADE ip_nat_ftp iptable_nat ip_conntrack_ftp]

My firewall config is:
---8<-----
#!/bin/sh

EXTIF=eth0
INTIF=eth1
EXTIP=1.2.3.4
INTIP=192.168.150.3
LOCALNET=192.168.150.0
FTPSVR=192.168.150.10
HTTPSVR=192.168.150.10

# Load modules
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

# Set default policies and flush tables
iptables -P FORWARD ACCEPT
iptables -F FORWARD
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -t nat -F

# Masquerade
iptables -t nat -A POSTROUTING -o $EXTIF -s $LOCALNET/24 -j SNAT \
--to $EXTIP

# Forward ftp traffic to internal server
iptables -A FORWARD -d $FTPSVR -j LOG --log-prefix "--TO FTP: "
iptables -A FORWARD -s $FTPSVR -j LOG --log-prefix "--FROM FTP: "
iptables -t nat -A PREROUTING -i $EXTIF -p tcp --dport 21 \
-j DNAT --to $FTPSVR

# Forward http traffic to internal server
iptables -t nat -A PREROUTING -i $EXTIF -p tcp --dport 80 \
-j DNAT --to $HTTPSVR
---8<-----

I have been struggling with this for 2 days now and everything I have tried gives the same result: HTTP works, FTP doesn't. Any help on this would be greatly appreciated.
Thanks in advance

Gustav Petersson
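
Added example, not part of the original post: an awk filter wrapped in a shell function that reduces the raw kernel lines written by the post's two LOG rules ("--TO FTP: " and "--FROM FTP: ") to the per-packet flag summary shown above, skipping non-TCP packets that those rules also log. The sample log lines (client address 203.0.113.7, ports, IDs, timestamps, hostname) are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample: kernel LOG lines as the post's two LOG rules would write
# them (client address, ports, IDs, timestamps and hostname are made up).
sample_log() {
cat <<'EOF'
Feb 28 22:10:01 fw kernel: --TO FTP: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.150.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=40000 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 28 22:10:01 fw kernel: --FROM FTP: IN=eth1 OUT=eth0 SRC=192.168.150.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=21 DPT=40000 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Feb 28 22:10:01 fw kernel: --TO FTP: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.150.10 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4243 DF PROTO=TCP SPT=40000 DPT=21 WINDOW=5840 RES=0x00 ACK URGP=0
Feb 28 22:10:01 fw kernel: --TO FTP: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.150.10 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Feb 28 22:10:01 fw kernel: --FROM FTP: IN=eth1 OUT=eth0 SRC=192.168.150.10 DST=203.0.113.7 LEN=72 TOS=0x00 PREC=0x00 TTL=63 ID=5001 DF PROTO=TCP SPT=21 DPT=40000 WINDOW=5792 RES=0x00 ACK PSH URGP=0
Feb 28 22:10:04 fw kernel: --FROM FTP: IN=eth1 OUT=eth0 SRC=192.168.150.10 DST=203.0.113.7 LEN=72 TOS=0x00 PREC=0x00 TTL=63 ID=5002 DF PROTO=TCP SPT=21 DPT=40000 WINDOW=5792 RES=0x00 ACK PSH URGP=0
Feb 28 22:10:10 fw kernel: --FROM FTP: IN=eth1 OUT=eth0 SRC=192.168.150.10 DST=203.0.113.7 LEN=72 TOS=0x00 PREC=0x00 TTL=63 ID=5003 DF PROTO=TCP SPT=21 DPT=40000 WINDOW=5792 RES=0x00 ACK PSH URGP=0
Feb 28 22:10:22 fw kernel: --FROM FTP: IN=eth1 OUT=eth0 SRC=192.168.150.10 DST=203.0.113.7 LEN=72 TOS=0x00 PREC=0x00 TTL=63 ID=5004 DF PROTO=TCP SPT=21 DPT=40000 WINDOW=5792 RES=0x00 ACK PSH URGP=0
Feb 28 22:10:22 fw kernel: --TO FTP: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.150.10 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=40000 DPT=21 WINDOW=0 RES=0x00 RST URGP=0
EOF
}

# Reduce LOG lines to "direction: TCP flags", one line per logged TCP packet.
# Direction comes from the log prefix: "--TO FTP: " is the rule matching
# -d $FTPSVR, "--FROM FTP: " the rule matching -s $FTPSVR.
summarise_ftp_log() {
    awk '
    / --(TO|FROM) FTP: / && /PROTO=TCP/ {
        dir = ($0 ~ / --TO FTP: /) ? "Client->FTP Server" : "FTP Server->Client"
        flags = ""; in_flags = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^RES=/)  { in_flags = 1; continue }  # flags follow RES=
            if ($i ~ /^URGP=/) break                        # and end at URGP=
            if (in_flags) flags = flags (flags == "" ? "" : " ") $i
        }
        print dir ": " flags
    }'
}

sample_log | summarise_ftp_log
```

On a live system the same function can be fed from the kernel log instead of `sample_log`.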

