ftp/scp port forwarding

Marius Andreiana mandreiana at rdslink.ro
Tue Jun 29 08:05:13 UTC 2004


On Mon, 2004-06-28 at 23:56 -0700, Florin Andrei wrote:
> Seems to me like you're running an http/https/ftp server behind NAT, and
> you want to make it visible to the outside, correct?
yes

> http/https are not a problem in this scenario.
yes

> Make sure you're loading the ip_nat* and ip_conntrack* modules on the
> firewall. I believe it's enough to load them and only forward the
> command channel (port 21); the purpose of the ip_nat_ftp module is to
> figure out the parameters for the data channel and mangle the packets on
> the fly.
> 
> Edit /etc/sysconfig/iptables-config and add:
> 
> IPTABLES_MODULES="ip_nat_ftp"
Added it and now it works! ip_conntrack was also loaded, but I didn't
specify it manually.

Thanks a lot Florin! I'm googling now for ip_nat_ftp and vsftpd
pasv_address options to learn more, it's the first time I hear about
them after reading many examples of ftp port forwarding.

-- 
Marius Andreiana
Galuna - Solutii Linux in Romania
http://www.galuna.ro
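
An added illustration, not part of the thread and not the kernel module's code: a Python sketch of the rewrite the quoted advice relies on, where the server's 227 passive-mode reply advertises its private address and the NAT helper mangles it and expects the matching data connection. The function names and the addresses (192.168.1.10 internal, 203.0.113.5 public) are constructed for this example, and keeping the same port on the public side is an assumption.

```python
import re

# Host/port tuple in a passive-mode reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")

def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None if it is malformed."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # data port = p1*256 + p2
    return ip, port

def rewrite_pasv(line, internal_ip, public_ip):
    """Rewrite a 227 reply the way a NAT helper conceptually does.

    Returns (new_line, expectation). The expectation is the temporary
    mapping (public_ip, port) -> (internal_ip, port) for the data channel.
    A reply that advertises any address other than the server's own is
    passed through untouched and opens nothing.
    """
    parsed = parse_pasv(line)
    if parsed is None or parsed[0] != internal_ip:
        return line, None
    port = parsed[1]
    fields = public_ip.split(".") + [str(port >> 8), str(port & 0xFF)]
    new_line = "227 Entering Passive Mode (%s)" % ",".join(fields)
    return new_line, (public_ip, port, internal_ip, port)

if __name__ == "__main__":
    # Constructed sample reply from the FTP server behind NAT.
    reply = "227 Entering Passive Mode (192,168,1,10,195,80)"
    new_reply, expect = rewrite_pasv(reply, "192.168.1.10", "203.0.113.5")
    print(new_reply)
    print("expect data connection:", expect)
```

Without the helper loaded, the client receives the private address in the 227 reply and the data connection fails even though port 21 is forwarded, which matches the behaviour described in the thread.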




