- 12-30-2006 #1 Just Joined!
- Join Date: Dec 2006
- Posts: 2
FTP & IP tables issues
Hello,
I have been using iptables to perform NAT/masquerading to make a wireless router to connect several non-wireless PCs up to the wireless network that I have.
This router PC running IP tables is, for some reason, not able to correctly forward several connections to machines behind it, such as FTP, although I have modprobed ip_conntrack_ftp and ip_nat_ftp.
More interestingly, some FTP clients can bypass this (konqueror), but others cannot (curl & firefox). I suspected that this was due to passive/active mode, but curl *can* access FTP sites if they have been recently visited by konqueror (weird)!
Also, certain websites that require authentication (e.g. yahoo mail) and my ISP's website do not allow me to connect, but otherwise general web browsing is fine.
I must be missing something; IP tables is not something that I understand well enough to know what I am doing. I have mainly pieced it together from HOW-TO guides.
This is somewhat perplexing, so any help or insight is most appreciated.
I have attached the list of commands that I use below...
Code:

```bash
#!/bin/bash
#This is a script to allow NAT routing
#using linuxhomenetworking Quick HOW-TO chapter 14
#as a base

#ra0 external "public" interface
#eth0 internal "local" interface
PUB_IF=ra0
LOC_IF=eth0
TARG_MACHINE_A=192.168.2.2

#Get local and public ip addr
PUB_IF_IP="`/sbin/ifconfig $PUB_IF | awk '/inet addr:/ { print $2}' | \
    sed -e 's/.*://'`"
LOC_IF_IP="`/sbin/ifconfig $LOC_IF | awk '/inet addr:/ { print $2}' | \
    sed -e 's/.*://'`"

#use reg-exp matching (requires bash >= 3.0)
#if [[ "$PUB_IF" =~ "*.*.*.*" ]]

#DEBUG
echo $PUB_IF_IP
echo $LOC_IF_IP

#insert iptable_nat kernel module
/sbin/modprobe iptable_nat

#insert FTP connection helper module
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp

#Enable routing (echo 0 disables)
echo 1 > /proc/sys/net/ipv4/ip_forward

#flush the routing tables
/sbin/iptables --flush

#Enable Masquerading
/sbin/iptables -A POSTROUTING -t nat -o $PUB_IF -s 192.168.2.0/24 -d 0/0 \
    -j MASQUERADE

#Before masquerading, route packets via filter table's FORWARD chain
#outbound: Allow new, established and related connections
#inbound: allow established and related
/sbin/iptables -A FORWARD -t filter -o $PUB_IF -m state \
    --state NEW,ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -t filter -i $PUB_IF -m state \
    --state ESTABLISHED,RELATED -j ACCEPT
```
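An added example, not part of the original post: two checks on what the script above leaves in the kernel. `iptables --flush` without `-t` clears only the filter table, so every re-run appends another nat POSTROUTING rule, and the script adds only ACCEPT rules to FORWARD without setting a policy. The function names and the `iptables-save` dump are constructed for illustration; the dump is not output from the poster's machine.

```bash
#!/bin/sh
# Constructed sample: what `iptables-save` could show after the script has
# been run twice on a box whose chain policies are still the default ACCEPT.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o ra0 -j MASQUERADE
-A POSTROUTING -s 192.168.2.0/24 -o ra0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -o ra0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ra0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Read an iptables-save dump on stdin and print "table<TAB>count<TAB>rule"
# for every rule that occurs more than once within the same table.
duplicate_rules() {
    awk '
        /^\*/  { table = substr($0, 2); next }   # "*nat", "*filter", ...
        /^-A / { seen[table "\t" $0]++ }
        END {
            for (k in seen) if (seen[k] > 1) {
                split(k, p, "\t")
                printf "%s\t%d\t%s\n", p[1], seen[k], p[2]
            }
        }' | sort
}

# Print the default policy of the filter table's FORWARD chain. If it is
# ACCEPT and the chain holds only ACCEPT rules, the state matches restrict
# nothing: packets that match no rule are forwarded anyway.
forward_policy() {
    awk '/^\*/ { table = substr($0, 2) }
         table == "filter" && /^:FORWARD / { print $2 }'
}
```

On a live router the same functions can be fed with `iptables-save | duplicate_rules` and `iptables-save | forward_policy`, run as root.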
- 01-01-2007 #2 Just Joined!
- Join Date: Dec 2006
- Posts: 2
I have narrowed down the web page problem to be an issue connecting to https servers.


