This is a discussion on Secure FTP woes using iptables - Expert help needed within the Linux Security forums, part of the System Security and Security Related category.
We have a requirement to connect to an external Secure FTP server. However, I am having the same old problem of being able to create a data connection. I did have problems with normal FTP active data connections, but used

modprobe -dv ip_conntrack_ftp ports=21
modprobe -dv ip_nat_ftp ports=21

and it resolved my issues. The external Secure FTP remote server is running on 10021 and 10020 (data). I am able to log in OK, but when I issue an "ls" command the server returns "Cannot bind data connection". I have modified the above to read

modprobe -dv ip_conntrack_ftp ports=21,10021
modprobe -dv ip_nat_ftp ports=21,10021

but I am still unable to create a data connection. My iptables rules are as follows:

eth1 = Internet interface
eth0 = LAN interface

# Static one-to-one NAT from <internal client> to <external-ip>
# (DNAT and SNAT targets live in the nat table, so -t nat is needed on the PREROUTING/POSTROUTING rules)
iptables -t nat -A PREROUTING -d <external-ip> -i eth1 -p tcp -m tcp --dport 10020:10026 -j DNAT --to-destination <internal client>
iptables -t nat -A POSTROUTING -s <internal client> -o eth1 -j SNAT --to-source 217.<external-ip>
iptables -A INPUT -p tcp -m tcp --dport 10020:10026 -j ACCEPT
iptables -A FORWARD -p tcp -m tcp --dport 10020:10026 -j ACCEPT

Note: you may have noticed that ports 10020 - 10026 have been forwarded - this is what the remote server administrator advised.

What else am I missing? Help me, anyone, you're my only hope.

Regards
Sam
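The mechanism the post depends on, as an added example (editor's code, not from the thread or any poster): the ip_conntrack_ftp helper can only create the RELATED expectation for a data connection when it reads a plaintext PORT/PASV/EPSV exchange on the control channel, and in active mode the server connects from its data port (10020 here) to the port the client announced, so a static --dport 10020:10026 DNAT sees a different destination port than in passive mode. The parser below models that for constructed control-channel lines; the addresses 192.168.1.20 and 203.0.113.5 are assumptions, the ports are the ones the thread names.

```python
import re
from typing import Optional, Tuple

FORWARDED_RANGE = (10020, 10026)  # --dport range in the poster's DNAT rule
SERVER_DATA_PORT = 10020          # server's active-mode source port (from the thread)

# The ftp conntrack helper builds its RELATED expectation from these
# plaintext control-channel messages; a line it cannot parse yields nothing.
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")

def parse_data_endpoint(line: str, server_ip: str) -> Optional[Tuple[str, str, int]]:
    """Return (mode, ip, port) announced by one control-channel line, else None."""
    m = PORT_RE.match(line) or PASV_RE.match(line)
    if m:
        mode = "active" if line.upper().startswith("PORT") else "passive"
        ip = ".".join(m.group(1, 2, 3, 4))
        return (mode, ip, int(m.group(5)) * 256 + int(m.group(6)))
    m = EPSV_RE.match(line)
    if m:
        return ("passive", server_ip, int(m.group(1)))
    return None  # e.g. TLS ciphertext on an encrypted (FTPS) control channel

def expected_data_flow(ep: Tuple[str, str, int], server_ip: str) -> dict:
    """Describe the data connection the NAT box will see for that endpoint."""
    mode, ip, port = ep
    if mode == "active":
        # Server connects from its data port to the address/port given in PORT,
        # so the inbound destination port is the client's, not the server's.
        return {"direction": "inbound", "src": (server_ip, SERVER_DATA_PORT),
                "dst": (ip, port)}
    # Passive: the client connects out to what the server announced.
    return {"direction": "outbound", "dst": (ip, port)}

def covered_by_dnat(flow: dict, rng=FORWARDED_RANGE) -> bool:
    """True if a static '--dport lo:hi' DNAT would match this data connection."""
    return flow["direction"] == "inbound" and rng[0] <= flow["dst"][1] <= rng[1]

def audit(line: str, server_ip: str):
    """One control-channel line -> (flow or None, whether the DNAT covers it)."""
    ep = parse_data_endpoint(line, server_ip)
    if ep is None:
        return None, False
    flow = expected_data_flow(ep, server_ip)
    return flow, covered_by_dnat(flow)
```

Feeding `audit` a constructed "PORT 192,168,1,20,195,203" (client port 50123), a "227 Entering Passive Mode (203,0,113,5,39,36)" reply (server port 10020) and a raw TLS record shows that only the plaintext lines yield an expectation and that neither data flow matches the --dport 10020:10026 DNAT.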