[ale] IPTABLES and FTP+DNAT?
Robert L. Harris
robert.l.harris at gmail.com
Thu Dec 4 20:32:58 EST 2008
I had to reboot to get the port 25/80 worked out but it's functioning now. The next step is FTP. I need to forward ftp (passive and active if possible) to 10.1.1.32. So far I have:
# allow tftpd
$IPTABLES -A INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -i $IFACE --dport 21 -j DNAT --to 10.1.1.32:21
$IPTABLES -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
# Active
$IPTABLES -A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -i $IFACE --sport 20 -j DNAT --to 10.1.1.32:20
$IPTABLES -A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
# Passive
$IPTABLES -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -i $IFACE --dport 1024: -j DNAT --to 10.1.1.32
$IPTABLES -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
Do I need a POSTROUTING, etc?
If anyone wants, once this is done I'll take a copy, clean it up and
send out to anyone who might want to see it.
Robert
--
:wq!
====================================================================
Robert L. Harris | GPG Key ID: E344DA3B @ x-hkp://pgp.mit.edu
DISCLAIMER: These are MY OPINIONS ALONE. I speak for no-one else.
With Dreams To Be A King, First One Should Be A Man - Manowar
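
An added example, not part of the original post: one way to forward FTP to 10.1.1.32 by DNATing only the control port and letting the kernel's FTP connection-tracking helpers admit the active and passive data connections as RELATED, so the whole 1024: range is never forwarded. It assumes the firewall is the default gateway of 10.1.1.32 (so no POSTROUTING SNAT rule is required), that IP forwarding is already enabled, and that the helper modules are named nf_conntrack_ftp and nf_nat_ftp; the function name and the dry-run default are choices of this example.

```shell
#!/bin/sh
# Dry run by default: commands are printed, not executed.
# To apply as root: IPTABLES=/sbin/iptables MODPROBE=/sbin/modprobe sh thisfile
IPTABLES=${IPTABLES:-echo iptables}
MODPROBE=${MODPROBE:-echo modprobe}

# ftp_dnat_rules IFACE SERVER  (hypothetical helper name)
ftp_dnat_rules() {
    iface=$1     # external interface ($IFACE in the post)
    server=$2    # internal FTP server (10.1.1.32 in the post)

    # The helpers read PORT/PASV on the control channel, rewrite the
    # addresses for NAT, and register the expected data connection so
    # that it matches --state RELATED.
    $MODPROBE nf_conntrack_ftp
    $MODPROBE nf_nat_ftp

    # Kernels with automatic helper assignment switched off need the
    # helper attached explicitly (requires a kernel with the CT target).
    $IPTABLES -t raw -A PREROUTING -i "$iface" -p tcp --dport 21 \
        -j CT --helper ftp

    # Only the control connection is DNATed; no rule for port 20 or 1024:.
    $IPTABLES -t nat -A PREROUTING -i "$iface" -p tcp --dport 21 \
        -j DNAT --to-destination "$server:21"

    # DNATed packets traverse FORWARD, not INPUT/OUTPUT.
    $IPTABLES -A FORWARD -i "$iface" -d "$server" -p tcp --dport 21 \
        -m state --state NEW -j ACCEPT
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

ftp_dnat_rules "${IFACE:-eth0}" 10.1.1.32
```

If the FTP control channel is wrapped in TLS, the helpers cannot read PORT/PASV and the server then needs a fixed, narrow passive port range forwarded instead.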