Problem setting up ftp server inside lan (iptables)

• Previous message: /dev/null: "Re: routing without eating up my IPs"
• Next in thread: vhu: "Re: Problem setting up ftp server inside lan (iptables)"
• Reply: vhu: "Re: Problem setting up ftp server inside lan (iptables)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: 16 Aug 2004 10:38:58 -0700

Hi,

I am trying to set up my ftp server located inside my lan. It thought
everything has been done, but when I try to access the ftp server from
the outside, it fails.

There's got to be something I'm missing here. Any help would be very
appreciated.

Thanks,

Sam

Here are the rules in iptables:

*********

WAN=$(nvram_get wan_ifname)

IPT=/usr/sbin/iptables

for T in filter nat mangle ; do
  $IPT -t $T -F
  $IPT -t $T -X
done

$IPT -t filter -A INPUT -m state --state INVALID -j DROP
$IPT -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -t filter -A INPUT -p icmp -j ACCEPT
$IPT -t filter -A INPUT -i $WAN -p tcp -j REJECT --reject-with
tcp-reset
$IPT -t filter -A INPUT -i $WAN -j REJECT --reject-with
icmp-port-unreachable
$IPT -t filter -A FORWARD -m state --state INVALID -j DROP
$IPT -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j
ACCEPT
$IPT -t filter -A FORWARD -i $WAN -m state --state NEW,INVALID -j DROP

$IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE

****

I added the following to redirect port 20 and 21, and 10000-12000
(passive port range)

iptables -t nat -A PREROUTING -p tcp --dport 20 -j DNAT
--to-destination 192.168.1.20:20

iptables -t nat -A PREROUTING -p tcp --dport 21 -j DNAT
--to-destination 192.168.1.20:21

iptables -t nat -A PREROUTING -p tcp --dport 10000:12000 -j DNAT
--to-destination 192.168.1.20

• Previous message: /dev/null: "Re: routing without eating up my IPs"
• Next in thread: vhu: "Re: Problem setting up ftp server inside lan (iptables)"
• Reply: vhu: "Re: Problem setting up ftp server inside lan (iptables)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]