[prev in list] [next in list] [prev in thread] [next in thread]
List: netfilter
Subject: Rif: Re:modprobe ip_nat_ftp strange problem - help please
From: <andreagx () tin ! it>
Date: 2002-02-12 13:23:02
[Download RAW message or body]
yes,
proftpd work direcly on a linux box! (10.0.0.5) , and respond with error 425
m$ ftp work on nt server (10.0.0.2) , and work fine
my rules:
# Generated by iptables-save v1.2.4 on Sat Feb 2 19:17:12 2002
*filter
:INPUT ACCEPT [9660:815597]
:FORWARD ACCEPT [456:111205]
:OUTPUT ACCEPT [9832:770299]
:tcp_packets - [0:0]
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j LOG
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A FORWARD -s 10.0.1.0/255.255.255.0 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j DROP
COMMIT
# Completed on Sat Feb 2 19:17:12 2002
# Generated by iptables-save v1.2.4 on Sat Feb 2 19:17:12 2002
*nat
:PREROUTING ACCEPT [8699:420737]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [59:4352]
-A PREROUTING -d 10.0.0.5 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.2:80
-A PREROUTING -d 10.0.0.5 -p tcp -m tcp --dport 21 -j DNAT --to-destination 10.0.0.2:21
-A PREROUTING -d 10.0.0.5 -p tcp -m tcp --dport 30 -j DNAT --to-destination 10.0.0.2:30
-A PREROUTING -d 10.0.0.5 -p tcp -m tcp --dport 5800 -j DNAT --to-destination 10.0.0.2:5800
-A PREROUTING -d 10.0.0.5 -p tcp -m tcp --dport 5900 -j DNAT --to-destination 10.0.0.2:5900
-A POSTROUTING -j SNAT --to-source 10.0.0.5
COMMIT
# Completed on Sat Feb 2 19:17:12 2002
>
> Da: "Dharmendra.T" <dharmu@nsecure.net>
> Data: 12/02/2002 13:41
> A: andreagx@tin.it
> cc: netfilter <netfilter@lists.samba.org>
> Oggetto: Re:modprobe ip_nat_ftp strange problem - help please
>
>
> Have you allowed data connection (port 20) in your rules, if not allow
>
>
> Hi, all
> I use modprobe ip_nat_ftp and I can connect my ftp NT ftp server on
> another ip (10.0.0.2) - DNAT - , and work fine.
>
> The problem is "proftpd" , i want to connect this ftp server directly on
> linuxbox on port 71 but the ftp respond with error :
> 425 Can't built data connection timed out
>
> --
> Dharmendra.T
> Linux Security Expert
> www.nsecure.net
>
> The content of this email message and any attachments are confidential and
> may be legally privileged, intended solely for the addressee. If you are not
> the intended recipient, be advised that any use, dissemination, distribution,
> or copying of this e-mail is strictly prohibited. If you receive this
> message in error, please notify the sender immediately by reply email and
> destroy the message and its attachments.
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic