Re: ftp/scp port forwarding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2004-06-28 at 23:56 -0700, Florin Andrei wrote:
> Seems to me like you're running an http/https/ftp server behind NAT, and
> you want to make it visible to the outside, correct?
yes

> http/https are not a problem in this scenario.
yes

> Make sure you're loading the ip_nat* and ip_conntrack* modules on the
> firewall. I believe it's enough to load them and only forward the
> command channel (port 21); the purpose of the ip_nat_ftp module is to
> figure out the parameters for the data channel and mangle the packets on
> the fly.
> 
> Edit /etc/sysconfig/iptables-config and add:
> 
> IPTABLES_MODULES="ip_nat_ftp"
Added it and now it works! ip_conntrack was also loaded, but I didn't
specified it manually.

Thanks a lot Florin! I'm googling now for ip_nat_ftp and vsftpd
passv_address options to learn more, it's the first time I hear about
them after reading many examples of ftp port forwarding.

-- 
Marius Andreiana
Galuna - Solutii Linux in Romania
http://www.galuna.ro



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux