LinuxQuestions.org
Old 01-23-2012, 08:42 AM   #1
turki_00
LQ Newbie
 
Registered: Mar 2011
Posts: 11

Rep: Reputation: 0
Question FTP Server behind NAT (IPtables) List FTP directories Problem


Hi,

The FTP server (10.205.13.97) is behind a firewall (NAT).

I can log in to the FTP server without any problems from a remote machine. However, I can't list directories (ls) from the remote machine. Even passive mode times out.

230 Anonymous access granted, restrictions apply
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
500 Illegal PORT command
ftp: bind: Address already in use
ftp> passive
Passive mode on.
ftp> ls
227 Entering Passive Mode (50,17,79,90,251,162).
ftp: connect: Connection timed out
ftp>


I am using ProFTPD as the FTP server (Ubuntu).

The iptables rules for the firewall box (Ubuntu) were defined as follows (ports 20 & 21 are forwarded):

>echo 1 > /proc/sys/net/ipv4/ip_forward
>iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:ftp to:10.205.13.97:21
DNAT tcp -- anywhere anywhere tcp dpt:ftp-data to:10.205.13.97:20

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
 
Old 01-23-2012, 09:17 AM   #2
angel115
Member
 
Registered: Jul 2005
Location: France / Ireland
Distribution: Debian mainly, and Ubuntu
Posts: 474

Rep: Reputation: 72
What does your log say? (/var/log/syslog)
 
Old 01-23-2012, 09:30 AM   #3
turki_00
LQ Newbie
 
Registered: Mar 2011
Posts: 11

Original Poster
Rep: Reputation: 0
angel115,

The log for which box?
The remote client that I am using the ftp commands with? Or
the firewall box logs? Or
the FTP box logs?

Well, I checked the syslog for all 3 machines and none of them report any issues with the FTP service (some entries about cron jobs).
 
Old 01-26-2012, 08:24 AM   #4
turki_00
LQ Newbie
 
Registered: Mar 2011
Posts: 11

Original Poster
Rep: Reputation: 0
Guys, any help?
 
Old 01-26-2012, 09:17 AM   #5
Cedrik
Senior Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 2,140

Rep: Reputation: 242
Did you set MasqueradeAddress and PassivePorts in proftpd.conf?

See:
http://www.proftpd.org/docs/howto/NAT.html
 
Old 02-05-2012, 08:44 AM   #6
turki_00
LQ Newbie
 
Registered: Mar 2011
Posts: 11

Original Poster
Rep: Reputation: 0
Found a solution:

modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward

Then configure iptables:
iptables -A INPUT -p tcp --dport 1024:65535 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 1024:65535 -j ACCEPT

iptables -t nat -A PREROUTING -i eth0 -p tcp -d NatPrivateIp --dport 1024:65535 -j DNAT --to-destination FtpPrivateIp:1024-65535
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j DNAT --to-destination FtpPrivateIp:21
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE [duplicate]

Thank you everyone,
Turki
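
Added example, not part of any post in this thread: a small Python check that decodes the 227 reply from post #1 and compares the advertised data port with what the firewall forwards. The function names and the passive range 49152-65534 are assumptions made for illustration; the reply text and the 20/21 forwards come from post #1.

```python
import ipaddress
import re

# 227 reply text copied from the session in post #1.
REPLY_FROM_THREAD = "227 Entering Passive Mode (50,17,79,90,251,162)."

# Ports the firewall in post #1 forwards with DNAT (ftp-data and ftp).
FORWARDED_IN_POST_1 = [(20, 21)]

# Assumed value for illustration: a narrow passive range, as would be set with
# ProFTPD's PassivePorts and mirrored in the firewall's DNAT rule.
ASSUMED_PASSIVE_RANGE = [(49152, 65534)]

_PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (ip, port) from a 227 reply (h1,h2,h3,h4,p1,p2); port = p1*256 + p2."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return ip, fields[4] * 256 + fields[5]


def diagnose(reply, forwarded_ranges):
    """List reasons a client outside the NAT cannot open the data connection."""
    ip, port = parse_pasv(reply)
    problems = []
    if ip.is_private:
        problems.append("server advertises private address %s" % ip)
    if not any(lo <= port <= hi for lo, hi in forwarded_ranges):
        problems.append("data port %d is not forwarded" % port)
    return problems


if __name__ == "__main__":
    print(parse_pasv(REPLY_FROM_THREAD))
    print(diagnose(REPLY_FROM_THREAD, FORWARDED_IN_POST_1))
    print(diagnose(REPLY_FROM_THREAD, ASSUMED_PASSIVE_RANGE))
    # Constructed reply: a server advertising its internal address and a low port.
    print(diagnose("227 Entering Passive Mode (10,205,13,97,4,1).", ASSUMED_PASSIVE_RANGE))
```

With a fixed passive range configured on the server, the firewall only has to forward that range rather than all of 1024:65535.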
 
  

