LinuxQuestions.org
Old 03-07-2010, 11:37 PM   #1
longvnit
Problem with Iptables


Hi everybody,
I am building a system that includes 1 firewall server using iptables, 1 web server and 1 FTP server.

On the FTP server (IP: 192.168.1.2, GW: 192.168.1.1) I installed ProFTPD successfully. Within the LAN everything works.

On the firewall server: <IP PUBLIC> on eth0 and LAN IP 192.168.1.1 on eth1.

Iptables rules:

Code:
# Generated by iptables-save v1.3.5 on Sun Mar  7 21:01:16 2010
*nat
:PREROUTING ACCEPT [950:126970]
:POSTROUTING ACCEPT [89:5880]
:OUTPUT ACCEPT [19:1342]
-A PREROUTING -d <IP PUBLIC> -i eth0 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.1.2:21
-A POSTROUTING -s 192.168.1.2 -o eth0 -j SNAT --to-source <IP PUBLIC>
COMMIT
# Completed on Sun Mar  7 21:01:16 2010
# Generated by iptables-save v1.3.5 on Sun Mar  7 21:01:16 2010
*filter
:INPUT DROP [1599:157409]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [232:34452]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A FORWARD -i eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
COMMIT
# Completed on Sun Mar  7 21:01:16 2010
From the FTP server I can access the internet fine.
I checked port 21 on IP PUBLIC; it returns Open.

But when I use the ftp command it shows:
Code:
Connected to <IP PUBLIC>.
220 ProFTPD 1.3.3 Server (FTP Server) [192.168.1.2]
User (<IP PUBLIC>:(none)): longvnit
331 Password required for longvnit
Password:
230 User longvnit logged in
ftp> dir
200 PORT command successful
Aborting any active data connections...
ftp> bye

C:\Documents and Settings\LONGVNIT>ftp <IP PUBLIC>
Connected to <IP PUBLIC>.
220 ProFTPD 1.3.3 Server (FTP Server) [192.168.1.2]
User (<IP PUBLIC>:(none)): longvnit
331 Password required for longvnit
Password:
230 User longvnit logged in
ftp> dir
200 PORT command successful
425 Unable to build data connection: Connection timed out
ftp> dir
200 PORT command successful
425 Unable to build data connection: Connection timed out
ftp>
Please help me. Thanks!
Old 03-08-2010, 07:59 AM   #2
smoker
You can't connect to a public ip from inside the network. Go somewhere else and test it.

Also read about the PASV ftp settings:
http://www.cyberciti.biz/faq/iptable...s-not-working/

Old 03-08-2010, 11:11 AM   #3
nimnull22
You probably need to load a special iptables module to track FTP connections. It might be called "nf_nat_ftp" or "nf_nat_tftp". Check on it.
 
Old 03-08-2010, 11:15 PM   #4
longvnit

Quote:
Originally Posted by smoker View Post
You can't connect to a public ip from inside the network. Go somewhere else and test it.

Also read about the PASV ftp settings:
http://www.cyberciti.biz/faq/iptable...s-not-working/
I don't connect from the local network using IP PUBLIC; I am in other places.
Locally I connect using the LAN IP, successfully.

The problem is: connecting to FTP succeeds, but getting data fails.
 
Old 03-09-2010, 02:40 AM   #5
smoker
That's because you have to set up PASV port forwarding.
 
Old 03-09-2010, 02:44 AM   #6
mario.almeida
Hi,

Open ftp-data port (20)
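Putting the replies together, here is an added example (not the thread's own rules or any poster's code) of a corrected ruleset for the firewall in the first post: it loads the FTP connection-tracking helper nimnull22 mentions, forwards a fixed passive port range as smoker's PASV advice implies, keeps LAN-to-internet forwarding so the port 20 active-mode connection mario.almeida mentions still passes, and narrows the original "accept any NEW from eth0" FORWARD rule to the FTP server only. The public address 203.0.113.10, the passive range 60000-60100 (which ProFTPD would have to announce via its PassivePorts directive) and the --apply switch are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example, not the thread's own rules. Assumed values: eth0 = public side,
# eth1 = LAN, PUBLIC_IP is a placeholder, and ProFTPD on 192.168.1.2 is set to
# "PassivePorts 60000 60100" so the forwarded range matches what it offers.
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"   # placeholder public address
FTP_SERVER="192.168.1.2"
PASV_FIRST=60000
PASV_LAST=60100
IPT="${IPT:-iptables}"

# Print the commands instead of running them, so they can be reviewed first.
ftp_nat_rules() {
    cat <<EOF
# FTP helper: follows PORT/PASV on the control channel, rewrites the 227 reply
# so the data connection is tracked as RELATED and NATed to the server.
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
# Control channel, as in the original ruleset.
$IPT -t nat -A PREROUTING -d $PUBLIC_IP -i eth0 -p tcp --dport 21 -j DNAT --to-destination $FTP_SERVER:21
# Passive data range: explicit forward as a fallback if the helper is not active.
$IPT -t nat -A PREROUTING -d $PUBLIC_IP -i eth0 -p tcp --dport $PASV_FIRST:$PASV_LAST -j DNAT --to-destination $FTP_SERVER
$IPT -t nat -A POSTROUTING -s $FTP_SERVER -o eth0 -j SNAT --to-source $PUBLIC_IP
# FORWARD stays default-DROP; only these flows cross the firewall.
$IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A FORWARD -i eth0 -o eth1 -d $FTP_SERVER -p tcp --dport 21 -m state --state NEW -j ACCEPT
$IPT -A FORWARD -i eth0 -o eth1 -d $FTP_SERVER -p tcp --dport $PASV_FIRST:$PASV_LAST -m state --state NEW -j ACCEPT
# LAN may still open outbound connections; this also covers the active-mode
# data connection the server opens from port 20 (ftp-data).
$IPT -A FORWARD -i eth1 -o eth0 -m state --state NEW -j ACCEPT
EOF
}

# Self-check: both the DNAT and the FORWARD rule must carry the passive range.
count_pasv_rules() {
    ftp_nat_rules | grep -c -- "--dport $PASV_FIRST:$PASV_LAST"
}

if [ "${1:-}" = "--apply" ]; then
    ftp_nat_rules | sh -e      # run as root on the firewall
else
    ftp_nat_rules              # dry run: just show the commands
fi
```

The 425 timeouts in the transcript come from active mode (PORT), where the server must connect back to the client; a Windows client that is itself behind NAT will time out there no matter what the server-side firewall does, so passive mode is what these rules make work end to end.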