On 10/5/07, John R Pierce <pierce at hogranch.com> wrote:
>
> Indunil Jayasooriya wrote:
> >
> > Hi all,
> >
> > I want to run vsftp behind a firewall (i.e. DMZ zone). It is running as
> > passive ftp.
> >
> > the theory behind passive ftp is ,
> >
>
> except, passive vs active is the choice of the CLIENT, not the server. the
> only way to properly handle both modes is to parse the FTP commands on
> the control port (21) and setup/teardown port forwards on dynamic ports
> as needed.
>
> if you use the ip_nat_ftp module, this is all taken care of
> automatically and both transfer modes should work, you'll simply need to
> forward the control port.

Thanks,

That means below 2 rules will be enough.

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 1.2.3.4 --dport 21 -j DNAT --to-destination 192.168.100.3:21

iptables -A FORWARD -p tcp -d 192.168.100.3 --dport 21 -m state --state NEW -j ACCEPT

Am I right?

--
Thank you
Indunil Jayasooriya
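
What "parse the FTP commands on the control port" involves, as an added sketch in Python (not code from this thread or from the ip_nat_ftp module): a simplified model that reads PORT commands and 227 replies, rewrites the DMZ server's address for NAT, and yields the one data connection to allow. The function names, the client address 203.0.113.7 and the sender-address check are assumptions of this example; 1.2.3.4 and 192.168.100.3 are the addresses from the rules above.

```python
import re

# PORT commands and 227 replies both carry "h1,h2,h3,h4,p1,p2".
_HOSTPORT = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_endpoint(line):
    """Return (ip, port) from a PORT command or 227 reply, else None."""
    verb = line.strip().split(" ", 1)[0].upper()
    match = _HOSTPORT.search(line)
    if verb not in ("PORT", "227") or not match:
        return None
    nums = [int(n) for n in match.groups()]
    if max(nums) > 255:
        return None
    # The data port is sent as two bytes: high byte p1, low byte p2.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def helper(line, sender_ip, inside_ip, outside_ip):
    """Model one control-channel line crossing the firewall (simplified).

    Returns (line_to_forward, expectation). The expectation is the single
    data connection to allow, as (dst_ip, dst_port) after DNAT, or None.
    """
    endpoint = parse_endpoint(line)
    if endpoint is None:
        return line, None      # not a data-channel negotiation
    ip, port = endpoint
    if ip != sender_ip:
        # Assumption of this example: open nothing when the advertised
        # address is not the sender's own, so a peer cannot ask the
        # firewall to allow traffic towards a third host.
        return line, None
    if ip == inside_ip:
        # 227 from the DMZ server: the client must see the public address.
        line = line.replace(inside_ip.replace(".", ","),
                            outside_ip.replace(".", ","), 1)
    return line, (ip, port)


if __name__ == "__main__":
    # Constructed sample lines: passive reply, active command, spoofed PORT.
    samples = [("227 Entering Passive Mode (192,168,100,3,195,80)", "192.168.100.3"),
               ("PORT 203,0,113,7,4,1", "203.0.113.7"),
               ("PORT 10,0,0,5,0,22", "203.0.113.7")]
    for text, sender in samples:
        print(helper(text, sender, "192.168.100.3", "1.2.3.4"))
```
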