LinuxQuestions.org
Old 07-21-2006, 10:48 AM   #1
ngwasuma
Impossible to Nat to certain FTP servers


Code:
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

# Enable Port forwarding 
echo 1 > /proc/sys/net/ipv4/ip_forward

# Drop ICMP echo-request messages sent to broadcast or multicast addresses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Drop source routed packets
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

# Enable TCP SYN cookie protection from SYN floods
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Don't accept ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

# Don't send ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects

# Enable source address spoofing protection
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter


iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

# Masquerade
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
Above are the contents of my /etc/rc.local in my Fedora Core 5 Linux NAT box.

Does anyone know why it would not NAT connections to certain FTP servers? When I give my client public IPs that bypass my NAT box, he connects well to his FTP server, but not through the NAT box.
 
Old 07-22-2006, 05:50 PM   #2
bbeers
What does lsmod output?

You will need modules for iptables nat and conntrack loaded.
Here are some I see on my masquerading router ...

ip_nat_irc 2176 0
ip_nat_ftp 2816 0
ip_conntrack_irc 70800 1 ip_nat_irc
ip_conntrack_ftp 71568 1 ip_nat_ftp
ipt_MASQUERADE 2816 1
iptable_nat 20060 4 ip_nat_irc,ip_nat_ftp,ipt_MASQUERADE
ip_conntrack 38296 6 ip_nat_irc,ip_nat_ftp,ip_conntrack_irc,ip_conntrack_ftp,ipt_MASQUERADE,iptable_nat
iptable_filter 2432 1
ip_tables 20096 3 ipt_MASQUERADE,iptable_nat,iptable_filter
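
The check suggested in the reply above, as an added example that is not part of the thread: it reads `lsmod` text and prints a `modprobe` line for each FTP helper that is not loaded. The function names and the sample `lsmod` text are constructed for illustration; the `nf_` names are the ones later kernels use for the same helpers.

```shell
#!/bin/sh
# Added example (not from the thread): find missing FTP conntrack/NAT helpers.

# Succeeds if module $2 is listed in the first column of lsmod text $1.
has_module() {
    printf '%s\n' "$1" | awk -v m="$2" '$1 == m { found = 1 } END { exit !found }'
}

# Chooses the helper name prefix from the conntrack core that is loaded:
# "nf" when nf_conntrack is present, otherwise "ip" (ip_conntrack, as in the thread).
helper_prefix() {
    if has_module "$1" nf_conntrack; then echo nf; else echo ip; fi
}

# Prints one "modprobe <module>" line per FTP helper absent from lsmod text $1.
suggest_modprobe() {
    prefix=$(helper_prefix "$1")
    for role in conntrack_ftp nat_ftp; do
        has_module "$1" "${prefix}_${role}" || echo "modprobe ${prefix}_${role}"
    done
}

# Constructed sample: a masquerading box with NAT loaded but no FTP helpers.
SAMPLE_LSMOD='Module                  Size  Used by
ipt_MASQUERADE          2816  1
iptable_nat            20060  1 ipt_MASQUERADE
ip_conntrack           38296  2 ipt_MASQUERADE,iptable_nat
iptable_filter          2432  1
ip_tables              20096  3 ipt_MASQUERADE,iptable_nat,iptable_filter'

suggest_modprobe "$SAMPLE_LSMOD"
```

On a live router, call it as `suggest_modprobe "$(lsmod)"`; any lines it prints can be added to /etc/rc.local ahead of the iptables rules.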
 
  


All times are GMT -5.