On Wed, Jan 25, 2006 at 09:17:18AM +0530, Abhishek Sawant wrote:
On 1/24/06, Rajendra Rait rajendra.rait@gmail.com wrote:
I tried this command; it didn't work.
iptables -t nat -A PREROUTING -p tcp -d <external ip> --dport 21 -j DNAT --to <internal-ip>:21
iptables -t nat -A PREROUTING -p tcp -d <external ip> --dport 20 -j DNAT --to <internal-ip>:20
What do you mean that it didn't work? What did you try? What error did you get? What did you do to check whether it's working or not?
Easy boy, he is trying.
Have you referred to the man page of iptables?
I'm sure he has. What you both don't seem to understand is the FTP protocol. It's not a simple protocol like HTTP or SMTP which you can easily redirect and get away with. Even if one uses passive mode FTP, the data connection port is decided by the FTP server. I don't know if "ip_nat_ftp" and "ip_conntrack_ftp" will work. I have only tried it for making FTP clients operate without barfing behind a NAT router. I'm sure it can be done the other way round as well, I guess. What I definitely have tried is `jftpgw' and it worked like a charm allowing FTP forwarding in both directions, i.e., LAN->NAT->Internet as well as LAN<-NAT<-Internet.
Nosferatu!!!
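
Added example (not part of the original thread): a simplified Python model of the problem described in the reply above. In passive mode the server's 227 reply carries its own address and a data port it chose, so something on the NAT box has to rewrite that address and expect the matching data connection; this is not the code of any kernel module or of jftpgw, and the addresses and function names are constructed for illustration.

```python
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    rb"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def data_endpoint(line):
    """Return (ip, port) advertised in a 227 reply, or None if it is not one."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None
    return ".".join(str(v) for v in nums[:4]), nums[4] * 256 + nums[5]

def rewrite_pasv(line, internal_ip, external_ip):
    """Model of a NAT-side FTP helper for a server behind DNAT.

    Returns (line_to_send_to_client, expectation). The expectation is the
    (internal_ip, port) data connection that must be forwarded; it is None
    when the line is passed through untouched. The port is kept as-is here.
    """
    endpoint = data_endpoint(line)
    if endpoint is None or endpoint[0] != internal_ip:
        return line, None
    port = endpoint[1]
    m = PASV_RE.match(line)
    addr = "%s,%d,%d" % (external_ip.replace(".", ","), port >> 8, port & 0xFF)
    # Replace only the address tuple; the rest of the reply stays untouched.
    rewritten = line[:m.start(1)] + addr.encode("ascii") + line[m.end(6):]
    return rewritten, (internal_ip, port)

# Constructed sample values: RFC 1918 server address, documentation-range
# external address, and a reply the server might send on the control channel.
INTERNAL = "192.168.1.10"
EXTERNAL = "203.0.113.5"
REPLY = b"227 Entering Passive Mode (192,168,1,10,195,80)\r\n"

if __name__ == "__main__":
    # With only a DNAT rule for port 21, the client receives this unchanged
    # and tries to open its data connection to a private address.
    print("client would dial:", data_endpoint(REPLY))
    fixed, expect = rewrite_pasv(REPLY, INTERNAL, EXTERNAL)
    print("after rewrite:    ", data_endpoint(fixed))
    print("forward data to:  ", expect)
```
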