Hi,
I don't know why you would need to NAT the address of your FTP server (is your firewall server different from the FTP server?),
but if I look at the error 425 you get, then take a look
here - 425 - failed to establish connection.
You might need to add some options to the configuration of the firewall.
From what I see:
Quote:
iptables -t nat -A PREROUTING -p tcp -m tcp -d ip_public --dport 21 -j DNAT --to-destination ip_ftp_server:21440
iptables -t nat -A PREROUTING -p tcp -m tcp -d ip_public --dport 30400:30500 -j DNAT --to-destination ip_ftp_server:21440
This second rule is wrong; it doesn't NAT to the passive ports on your FTP server.
It should be:
Code:
iptables -t nat -A PREROUTING -p tcp -m tcp -d ip_public --dport 30400:30500 -j DNAT --to-destination ip_ftp_server
or maybe
iptables -t nat -A PREROUTING -p tcp -m tcp -d ip_public --dport 30400:30500 -j DNAT --to-destination ip_ftp_server:30400-30500
so that ports 30400-30500 go to your FTP server IP:30400-30500.
It's a problem with wrong NAT-ing in your firewall.
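
The mapping problem described in this reply, as an added example that is not part of the original post: a small shell check that classifies each DNAT rule by how it maps the matched --dport to the target, so a port range rewritten to a single port stands out. The function names classify_dnat and lint_rules are hypothetical, the sample rules are the ones quoted above with the thread's placeholder addresses, and only IPv4/hostname targets are assumed.

```shell
#!/bin/sh
# Classify how an iptables DNAT rule maps its --dport match to the target.
# Prints: collapsed | preserved | range | single | not-dnat
classify_dnat() {
    dport= dest=
    prev=
    for word in $1; do              # unquoted on purpose: split rule into words
        case $prev in
            --dport)          dport=$word ;;
            --to-destination) dest=$word ;;
        esac
        prev=$word
    done
    if [ -z "$dport" ] || [ -z "$dest" ]; then
        echo not-dnat; return
    fi
    case $dest in
        *:*) tport=${dest#*:} ;;    # text after "host:" (IPv4/hostname only)
        *)   tport= ;;
    esac
    case $dport in
        *:*) ;;                     # rule matches a port range lo:hi
        *)   echo single; return ;; # rule matches one port (e.g. control port 21)
    esac
    case $tport in
        '')  echo preserved ;;      # no target port: destination port unchanged
        *-*) echo range ;;          # target is a port range lo-hi
        *)   echo collapsed ;;      # whole range rewritten to one port
    esac
}

# Constructed sample input: the rules quoted in the post above.
lint_rules() {
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        printf '%-9s %s\n' "$(classify_dnat "$rule")" "$rule"
    done <<'EOF'
iptables -t nat -A PREROUTING -p tcp -m tcp -d ip_public --dport 21 -j DNAT --to-destination ip_ftp_server:21440
iptables -t nat -A PREROUTING -p tcp -m tcp -d ip_public --dport 30400:30500 -j DNAT --to-destination ip_ftp_server:21440
iptables -t nat -A PREROUTING -p tcp -m tcp -d ip_public --dport 30400:30500 -j DNAT --to-destination ip_ftp_server
iptables -t nat -A PREROUTING -p tcp -m tcp -d ip_public --dport 30400:30500 -j DNAT --to-destination ip_ftp_server:30400-30500
EOF
}
lint_rules
```

A rule reported as collapsed sends every passive data connection to the same port on the FTP server, which is the pattern the reply identifies as wrong.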