How to SNAT FTP

Daniel Fourie (DJN) FourieDJ at telkom.co.za
Mon Apr 11 08:26:39 CEST 2005


Hi all

I would like to ask you all a question on how to source nat (SNAT) an
ftp connection. My network looks something like this.

#         000
#       0     0
#    0           0
#   0 192.168.0.0 0
#   0             0
#    0           0
#       0     0
#         000
#          |
#          |                                     0 0 0
#   (165.168.1.1 – eth0)                      0         0
#   0000000000000000                        0             0
#   0              0                       0      DMZ      0
#   0 devlab-fw-00 0 [172.20.1.1 – eth1]--0    172.20.0.0   0
#   0              0                       0               0
#   0000000000000000                        0             0
#                                             0         0
#                                                0 0 0

I have got the following nat rules in my iptables firewall

$IPTABLES -t nat -A POSTROUTING -s $NET_DMZ -o eth0 \
    -j SNAT --to-source 192.168.1.1

Everything seems to work fine, but ftp on the other hand is not
working in active mode. The ftp helper is loaded (ip_conntrack_ftp,
ip_nat_ftp).

If I do a network scan I can see the connection coming to my machine,
but the data connection which is negotiated in the payload is not
natted to the correct ip (192.168.1.1). This is suggesting to me that
the ftp helper is not working. I am running an updated version of
RedHat 9; the current kernel is kernel-2.4.20-31.9.

It will be appreciated if someone can help.

Regards

DevLab
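As an added illustration (not from the post, and not netfilter's own code), here is a small Python model of what the ip_nat_ftp helper has to do to an active-mode PORT command that crosses the SNAT rule above: the client address carried in the payload must be rewritten to the SNAT address, otherwise the server tries to open the data connection to an unroutable DMZ address. The client address 172.20.1.50 and the helper_is_rewriting check are constructed for the example.

```python
import ipaddress
import re

# Active-mode FTP advertises the data endpoint inside the control payload as
# "PORT h1,h2,h3,h4,p1,p2" (port = p1*256 + p2). Plain SNAT only rewrites the
# IP header; the helper is what patches this payload.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def parse_port(line):
    """Return (ip, port) from a PORT command, or None if it is malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(v > 255 for v in fields):
        return None
    ip = ".".join(str(v) for v in fields[:4])
    return ip, fields[4] * 256 + fields[5]


def rewrite_port(line, snat_ip, nat_src_net):
    """Model of the NAT helper: if the advertised address lies inside the
    SNATed network, replace it with the SNAT address. Returns (line, changed).
    A real helper must also fix TCP sequence numbers when the payload length
    changes, which is why it needs conntrack, not just a NAT rule."""
    parsed = parse_port(line)
    if parsed is None:
        return line, False
    ip, port = parsed
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(nat_src_net):
        return line, False          # not our traffic; left untouched
    new = "PORT %s,%d,%d\r\n" % (snat_ip.replace(".", ","), port // 256, port % 256)
    return new, True


def helper_is_rewriting(wire_line, snat_ip):
    """Diagnostic matching what the poster did with a network scan: given the
    PORT command as seen on the outside interface, is its address the SNAT
    address? False means the payload went out unrewritten."""
    parsed = parse_port(wire_line)
    return parsed is not None and parsed[0] == snat_ip


if __name__ == "__main__":
    # Constructed sample: a DMZ client announcing 172.20.1.50:1025.
    inside = "PORT 172,20,1,50,4,1\r\n"
    print(rewrite_port(inside, "192.168.1.1", "172.20.0.0/16"))
    print(helper_is_rewriting(inside, "192.168.1.1"))
```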

