Find the answer to your Linux question:
Results 1 to 2 of 2
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    FTP & IP tables issues


    I have been using iptables to perform NAT/masquerading to make a wireless router to connect several non-wireless PCs up to the wireless network that i have.

    These router PC running IP tables is for some reason, not able to correctly forward several connections to machines behind it, such as FTP, although i have modprobed ip_conntrack_ftp and ip_nat_ftp.

    More interestingly some FTP clients can bypass this (konqueror), but others cannot. (curl & firefox). I suspected that this was due to passive/active mode, but curl *can* access ftp sites if they have been recently visted by konqueror (wierd)!

    Also, certain websites that require authentication (eg yahoo mail) and my ISP's website do not allow me to connect, but otherwise general web browsing is find.

    I must be missing something, IP tables is not something that i understand well enough to know what i am doing. I have mainly pieced it together from HOW-TO guides.

    This is somewhat perplexing, so any help or insight is most appreciated.

    I have attached the list of commands that i use below...
    #This is a script to allow NAT routing
    #using linuxhomenetworking Quick HOW-TO chapter 14
    #as a base
    #ra0 external "public" interface
    #eth0 internal "local" interface
    #Get local and public ip addr
    PUB_IF_IP="`/sbin/ifconfig $PUB_IF | awk '/inet addr:/ { print $2}' | \
                     sed -e 's/.*://'`"
    LOC_IF_IP="`/sbin/ifconfig $LOC_IF | awk '/inet addr:/ { print $2}' | \
                     sed -e 's/.*://'`"
    #use reg-exp matching (requires bash >= 3.0)
    #if [[ "$PUB_IF" =~ "*.*.*.*" ]]
    echo $PUB_IF_IP
    echo $LOC_IF_IP
    #insert iptable_nat kernel module
    /sbin/modprobe iptable_nat
    #insert FTP connection helper module
    /sbin/modprobe ip_conntrack_ftp
    /sbin/modprobe ip_nat_ftp
    #Enable routing (echo 0 disables)
    echo 1 > /proc/sys/net/ipv4/ip_forward
    #flush the routing tables
    /sbin/iptables --flush
    #Enable Masquerading
    /sbin/iptables -A POSTROUTING -t nat -o $PUB_IF -s -d 0/0 \
                    -j MASQUERADE
    #Before masquerading, route packets via filter table's FORWARD chain
    #outbound: Alllow new, established and related connections
    #inbound: allow established and related
    /sbin/iptables -A FORWARD -t filter -o $PUB_IF -m state \
                    --state NEW,ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -A FORWARD -t filter -i $PUB_IF -m state \
                    --state ESTABLISHED,RELATED -j ACCEPT

  2. #2
    I have narrowed down the web page problem to be an issue connecting to https servers.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts