LinuxQuestions.org


hazmatt20 07-24-2006 09:48 AM

Masquerade + Routing servers through iptables
 
I've been working on this for days, and it's driving me nuts. Router computer has EXTIF eth0 and INTIF eth1. eth1 is set to 192.168.0.1 and assigns an address 192.168.0.2 to a dedicated machine on the switch and 192.168.0.3-192.168.0.5 to any other computers that connect to the switch. Trying to allow ftp connections to the external address to the internal computer at the fixed address. iptables is set up something like this.

Code:

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -i eth0 -o eth0 -j DROP
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state  ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 20:21 -j ACCEPT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

I know I forgot something because there should be a destination 192.168.0.2 somewhere. I'm still looking this up, but any help you could give would be appreciated.

Matir 07-24-2006 10:04 AM

Code:

iptables -t nat -A PREROUTING -p tcp --dport 20 -j DNAT --to-destination 192.168.0.2:20
iptables -t nat -A PREROUTING -p tcp --dport 21 -j DNAT --to-destination 192.168.0.2:21


hazmatt20 07-24-2006 10:09 AM

No dice. ftp://192.168.0.2 works from the gateway machine, but still no ftp://[extip].

Ubuntu 6.06 machine, btw.

Matir 07-24-2006 10:16 AM

Do you have ip_conntrack_ftp and ip_nat_ftp kernel modules loaded? Also, what is the behavior when you attempt to connect? Timeout, connection refused, or connect and then error?

hazmatt20 07-24-2006 10:24 AM

Just changed input and forward to accept, and it worked. Changed input to drop, and it still worked, so the problem is in forward. Back in a sec.

hazmatt20 07-24-2006 10:26 AM

Correction, problem was in forward after mucking around. Original rules I listed plus the prerouting worked. Thanks, man. Have I told you how awesome you are lately?

Matir 07-24-2006 10:28 AM

LOL. Just doing what I can. Server coming back together nicely?

Also, you ever figure out your hardware issues?

hazmatt20 07-24-2006 10:39 AM

I think the problem I was on the last time I talked to you was getting my domain name to work correctly. That seems to be working now. Since ftp now works past the gateway, other services shouldn't be a problem especially since I now have my own howto on this thread. I still haven't gotten a mail server up, but I did get qmail installed. The only problem I have left is here http://www.linuxquestions.org/questi...d.php?t=466488. It's confusing me to death especially since after trying to get this thing up all weekend, it randomly decided to work yesterday. I went ahead and bought another 400 GB drive on Saturday so I can get it back up next week, but I'm still going to format and then RMA the old drive. It's just giving me too many problems. I burned through about 40 dvds yesterday trying to finish up my backups now while it's working and still have a few to go. Unfortunately, I'm down to my last 10 dvds, so I've got to go pick up more. Once it's all said and done, I'll have 6 400 GB SATA drives running. I'm considering putting 3 in a RAID 5, but I haven't even touched on that idea yet. When prices go down (not any time soon), I want to pick up 2 750 GB drives, but that'll be a good, long while from now.

hazmatt20 07-24-2006 10:40 AM

We really ought to find a better place to have these off-topic discussions. Anywho.

hazmatt20 07-24-2006 10:56 AM

Last question on the subject: would it be considered bad form to put a script in rc.local to flush and reload the iptables rules on bootup rather than save and restore?

Matir 07-24-2006 11:11 AM

I don't think it's bad form, per se, but it is more efficient to use save and restore.

(As for off-topic discussions, I'm always on AIM, lol)

hazmatt20 07-25-2006 07:13 PM

My port forwarding stopped working. I put all of the rules in a script.

Code:

#!/bin/sh

echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

EXTIF="eth0"
INTIF="eth1"

iptables -P INPUT DROP
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -F -t nat

# Flush the user chain.. if it exists
if [ "`iptables -L | grep drop-and-log-it`" ]; then
  iptables -F drop-and-log-it
fi

# Delete all User-specified chains
iptables -X

# Reset all IPTABLES counters
iptables -Z

# Creating a DROP chain
iptables -N drop-and-log-it
iptables -A drop-and-log-it -j LOG --log-level info
iptables -A drop-and-log-it -j REJECT

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $INTIF -j ACCEPT
iptables -A INPUT -i $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXTIF -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i $EXTIF -p tcp --dport 25 -j ACCEPT

iptables -A FORWARD -i $EXTIF -o $EXTIF -j DROP
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state  ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 20:21 -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 5901 -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 6881:6999 -j ACCEPT
#iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 22 -j ACCEPT


iptables -t nat -A PREROUTING -p tcp --dport 20:21 -j DNAT --to-destination 192.168.0.2
iptables -t nat -A PREROUTING -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.2:5901
iptables -t nat -A PREROUTING -p tcp --dport 6881:6999 -j DNAT --to-destination 192.168.0.2
#iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination 192.168.0.2:22
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

Notice the comment on forwarding port 22 to the internal computer. If it is commented, I can ssh to the gateway machine. If the port is forwarded, it times out. What's missing?

Matir 07-25-2006 07:37 PM

Does the box at 192.168.0.2 have any iptables rules at all?

hazmatt20 07-25-2006 07:59 PM

Nope. No rules are defined.

win32sux 07-25-2006 08:57 PM

Not saying this is the cause of your issue, but you should specify the incoming interface (-i $EXTIF) on your PREROUTING rules...
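An added example, not code from the thread: a small Python checker that applies win32sux's point and the port-22 forwarding problem above to iptables-save style rules. It flags PREROUTING DNAT rules that have no -i $EXTIF, and DNAT targets whose post-DNAT port has no matching FORWARD ACCEPT rule from EXTIF to INTIF (FORWARD matches on the port after DNAT, which is why the 5900 to 5901 case is handled). The sample rules are constructed from the script posted above, with the port-22 DNAT enabled but its FORWARD line still commented out; eth0, eth1 and 192.168.0.2 are the thread's values.

```python
# Constructed sample in iptables-save style: the FORWARD/PREROUTING rules from the
# posted script, port-22 DNAT enabled, its FORWARD rule left commented out.
RULES = """\
-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp --dport 20:21 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp --dport 5901 -j ACCEPT
-A PREROUTING -p tcp --dport 20:21 -j DNAT --to-destination 192.168.0.2
-A PREROUTING -p tcp --dport 5900 -j DNAT --to-destination 192.168.0.2:5901
-A PREROUTING -p tcp --dport 22 -j DNAT --to-destination 192.168.0.2:22
"""


def parse(line):
    """Map each option of one rule to its value (bare flags map to True)."""
    toks, opts = line.split(), {}
    for i, tok in enumerate(toks):
        if tok.startswith("-"):
            nxt = toks[i + 1] if i + 1 < len(toks) else "-"
            opts[tok] = True if nxt.startswith("-") else nxt
    return opts


def dnat_port(rule):
    """Port the packet carries after DNAT: the --to-destination port, else the original --dport."""
    dest = rule["--to-destination"]
    return dest.split(":")[1] if ":" in dest else rule.get("--dport")


def lint(text, extif="eth0", intif="eth1"):
    """Return findings for DNAT rules that are too broad or that the FORWARD chain will drop."""
    rules = [parse(l) for l in text.splitlines() if l.strip()]
    forwards = [r for r in rules if r.get("-A") == "FORWARD" and r.get("-j") == "ACCEPT"
                and r.get("-i") == extif and r.get("-o") == intif and "--dport" in r]
    findings = []
    for r in rules:
        if r.get("-A") != "PREROUTING" or r.get("-j") != "DNAT":
            continue
        dport, port = r.get("--dport"), dnat_port(r)
        host = r["--to-destination"].split(":")[0]
        if r.get("-i") != extif:
            # Without -i, the rule also rewrites port traffic arriving on the LAN side.
            findings.append(f"dport {dport}: DNAT has no -i {extif}")
        if not any(f["--dport"] == port for f in forwards):
            # FORWARD sees the post-DNAT port; with policy DROP the connection just hangs.
            findings.append(f"dport {dport} -> {host}:{port}: no FORWARD ACCEPT for dport {port}")
    return findings


if __name__ == "__main__":
    print("\n".join(lint(RULES)))
```

Feed it the output of iptables-save (the -A lines of the nat and filter tables) to check a live ruleset the same way.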

