hi, ftp port forwarding fails.. pls help me....

hi i am using linux as a gateway to connect inside local machines to
internet.

linux eth0 :XX.XX.XX.XX
linux eth1 : 192.168.1.1

inside local FTP Server(Win2k3 IIS) : 192.168.1.200

now i want to forward incoming ftp request on eth0, to acces
192.168.1.200 FTP server.

some days before it works well.
but now, my remote office cant able to connect FTP server through
Windows explorer (ftp://XX.XX.XX.XX).
while giving the addrees in above line, the explorer asks for
password, and then it displays as, "Operation timed out."

only command mode ftp.exe works well (start-run-cmd-ok, ftp open
XX.XX.XX.XX)

but from my local network, any system can connect the FTP server
easily (as, ftp://192.168.1.200).
also, wheni assign the XX.XX.XX.XX ip directly to FTP server, we can
access it from remote office..

the problem comes only when we connects it through linux firewall.

i used the following lines in the iptables command:,
************************************************** ************************************************** ******************
iptables -t nat -A PREROUTING -i eth0 -p tcp - -dport 21 -j DNAT - -
to 192.168.1.200:21
iptables -A FORWARD -p tcp -d 192.168.1.200 - -dport 21 -j ACCEPT
************************************************** ************************************************** ******************

but other http port forwarding works well....

pls tell me the solution for these problem......

Thanks and Regards,
Nandhakumar K.

(E-Mail Removed) wrote:
> some days before it works well.
> but now, my remote office cant able to connect FTP server through
> Windows explorer (ftp://XX.XX.XX.XX).
> while giving the addrees in above line, the explorer asks for
> password, and then it displays as, "Operation timed out."

If the command line ftp works fine. This sounds like an issue with Windows
explorer, due to a problem with the integration of Internet Explorer into
Windows Explorer. Have a look at the logs for your ftp server. The windows
based ftp may be submitting authentication information with the url typed.

I can't remember the exact format of this, but it produces something like:

IE4USER:PASS@ftp://XX.XX.XX.XX

(You cannot see the IE4USER:PASS@ in the URL window, just ftp://XX.XX.XX.XX)

The IE4USER and password information is automatically being entered as login
information on the remote server, probably prefixing any additional login
names and passwords that you are also providing.

Regards,

Mark.

--
Mark Hobley
393 Quinton Road West
QUINTON
Birmingham
B32 1QE

Email: markhobley at hotpop dot donottypethisbit com

http://markhobley.yi.org/

On Sep 7, 7:02 am, worldwidenan...@gmail.com wrote:
> iptables -t nat -A PREROUTING -i eth0 -p tcp - -dport 21 -j DNAT - -to 192.168.1.200:21

I think this must be:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 21 -j DNAT --to-
destination 192.168.1.200:21

try this...

Beforehand, if you still having troubles, activate these modules:

kernel 2.4 till 2.6.21
ip_conntrack_ftp
ip_nat_ftp

kernel >= 2.6.22
nf_conntrack_ftp
nf_nat_ftp

just this...
May the Force be with you...