Norbert Liew <(E-Mail Removed)> wrote:
> [...] The problem is how to
> enable my windows client to ftp via a linux box running iptables as
> ip_masquerade. The ftp error from my windows client as,
>
> Host type (2): UNIX (standard)
> PORT 192,168,0,2,13,241
> 200 PORT command successful
> LIST
> 425 Unable to build data connection: Network is unreachable
> DoDirList returned 0
>
> My iptables script is so simple in rc.local (slackware). I do not have
> any other rules set, a very plain gateway that's all.
>
> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward

Try the following instead:

  modprobe ip_nat_ftp
  iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o <EXT_IF> \
    -j MASQUERADE
  echo 1 > /proc/sys/net/ipv4/ip_forward

The modprobe line should make it work. The "-o <EXT_IF>"
addition, where <EXT_IF> is the external interface name, is
only an enhancement.

Instead, you could also try to force your ftp client to use
passive ftp mode. Some related information about this:

http://slacksite.com/other/ftp.html

HTH

Ciao, Horst
--
»When pings go wrong (It hurts me too)« E.Clapton/E.James/P.Tscharn
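
Why the modprobe line matters, as an added example that is not part of the original post: the quoted PORT command advertises the client's private address and port inside the FTP control channel, where plain MASQUERADE never looks, so the server tries to connect to an unreachable address; the NAT FTP helper rewrites that argument. The external address 203.0.113.10 and the unchanged port mapping are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The PORT line is the one quoted in the post; the external
# address 203.0.113.10 is a constructed value (documentation range).

# decode_port "h1,h2,h3,h4,p1,p2" -> prints "IP PORT", fails on bad input
decode_port() {
    old_ifs=$IFS; IFS=,
    set -- $1                      # split the six decimal fields on commas
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        case $n in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# is_rfc1918 IP -> true for private addresses a remote server cannot reach
is_rfc1918() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.*) o=${1#172.}; o=${o%%.*}
               [ "$o" -ge 16 ] && [ "$o" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# encode_port IP PORT -> "h1,h2,h3,h4,p1,p2"
encode_port() {
    echo "$(echo "$1" | tr . ,),$(( $2 / 256 )),$(( $2 % 256 ))"
}

# rewrite_port "PORT ..." EXT_IP EXT_PORT -> the command the server should
# see after NAT; a PORT line with a public address passes through unchanged
rewrite_port() {
    decoded=$(decode_port "${1#PORT }") || return 1
    if is_rfc1918 "${decoded% *}"; then
        echo "PORT $(encode_port "$2" "$3")"
    else
        echo "$1"
    fi
}

sent='PORT 192,168,0,2,13,241'
echo "client sent : $sent -> $(decode_port "${sent#PORT }")"
echo "server needs: $(rewrite_port "$sent" 203.0.113.10 3569)"
```

The helper also has to let the server's inbound data connection to that port through, which is why loading it changes what the gateway accepts from outside.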