[CentOS] DNAT rule for vsftp --(PASSIVE FTP)
indunil75 at gmail.com
Fri Oct 5 06:35:49 UTC 2007
On 10/5/07, John R Pierce <pierce at hogranch.com> wrote:
> Indunil Jayasooriya wrote:
> > Hi all,
> > I want to run vsftp behind a firewall (i.e. DMZ zone). It is running as
> > passive ftp.
> > the theory behind passive ftp is,
> except, passive vs active is the choice of the CLIENT, not the server. the
> only way to properly handle both modes is to parse the FTP commands on
> the control port (21) and setup/teardown port forwards on dynamic ports
> as needed.
> if you use the ip_nat_ftp module, this is all taken care of
> automatically and both transfer modes should work, you'll simply need to
> forward the control port.
Thanks. That means the 2 rules below will be enough.
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 220.127.116.11 --dport 21 -j DNAT
iptables -A FORWARD -p tcp -d 192.168.100.3 --dport 21 -m state --state NEW
Am I right?
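
As an added illustration (not part of the original thread and not the ip_nat_ftp module's code), the Python below shows the control-channel parsing John describes for the passive case: read the server's 227 reply, rewrite the DMZ address to the public one, and derive the temporary data-port forward. The function name `rewrite_pasv` and the expectation dict are hypothetical; the addresses are the ones in the rules above and the reply lines are constructed samples.

```python
import re

# Server reply to PASV on the control port: "227 ... (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    rb"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def rewrite_pasv(line, server_ip, public_ip):
    """Return (line_to_send_to_client, expectation_or_None).

    The expectation describes the short-lived forward the firewall must
    set up so the client's data connection reaches the server in the DMZ.
    """
    m = PASV_RE.match(line)
    if not m:
        return line, None                    # not a PASV reply: pass through
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return line, None                    # malformed tuple: leave untouched
    announced_ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]           # data port = p1*256 + p2
    if announced_ip != server_ip:
        # Only forward to the FTP server itself, never to another host
        # named inside the payload.
        return line, None
    new_tuple = ",".join(public_ip.split(".") + [str(nums[4]), str(nums[5])])
    rewritten = line[:m.start(1)] + new_tuple.encode() + line[m.end(6):]
    return rewritten, {"dst": public_ip, "dport": port, "to": server_ip}


if __name__ == "__main__":
    # Constructed control-channel lines as sent by the server behind the NAT.
    samples = [
        b"230 Login successful.\r\n",
        b"227 Entering Passive Mode (192,168,100,3,195,80)\r\n",
    ]
    for raw in samples:
        out, exp = rewrite_pasv(raw, "192.168.100.3", "220.127.116.11")
        print(out, exp)
```

Without this rewrite the client would be told to connect to 192.168.100.3, which it cannot reach from outside, and the firewall would have no rule admitting the data port.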