Hi,

We are trying to make a NAT box ready. The setup will be something like this - a gateway kind of computer (NAT box) is connected to the internet and 4-5 other computers are connected to this NAT box through a switch.

We intend to access the internet from the computers connected to the NAT box and do some basic stuff like browsing, ftp download, voip (sip, h323), peer-to-peer file sharing etc.

Searching the net, we managed to add the following masquerading rule after enabling ip forwarding:

    /sbin/iptables -A POSTROUTING -t nat -o eth1 -s 192.168.100.0/24 -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -j MASQUERADE

After adding this rule we are able to do basic HTTP browsing.

The NAT box is connected to the internet through a switch which also has another test server where the ftp server is running. When we try doing ftp from the internal computers to the ftp test server we face problems. When we use commands like "ls", "mget", etc. we were getting a "port illegal" error.

Internet searches pointed to active and passive mode issues in ftp. Though I understand this active and passive stuff, we are unable to determine the exact iptables rules to be added in the NAT box. Internet searches also mention the ALG ip_conntrack_ftp, which needs to be loaded.

What we need is clarity about the rules to be added and the modules to be loaded in the NAT box so that ftp (both active and passive mode) starts working. We also understand the potential security issues and would like to address those too.

regards,
naren

--
All generalizations are false.
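Added example, not part of the original post: a simplified Python model of why an active-mode PORT command from the 192.168.100.0/24 side fails behind plain MASQUERADE, and of the payload rewrite plus data-connection expectation that an FTP NAT helper performs. The function names, the NAT address 203.0.113.5, the client address and the strict server check are assumptions constructed for illustration; this is not kernel code.

```python
# Simplified model of active-mode FTP through NAT (illustrative only).

def parse_port(line):
    """Parse 'PORT h1,h2,h3,h4,p1,p2' into (ip, port)."""
    verb, _, arg = line.strip().partition(" ")
    parts = arg.split(",")
    if verb.upper() != "PORT" or len(parts) != 6:
        raise ValueError("not a well-formed PORT command")
    if not all(p.isdigit() and int(p) < 256 for p in parts):
        raise ValueError("PORT fields must be 0-255")
    nums = [int(p) for p in parts]
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def format_port(ip, port):
    """Build a PORT command from a dotted address and a port number."""
    return "PORT %s,%d,%d" % (ip.replace(".", ","), port >> 8, port & 0xFF)

def server_accepts(line, control_peer_ip):
    """Assumed strict server policy: the data address must equal the
    source address of the control connection, and the port must be >= 1024."""
    ip, port = parse_port(line)
    return ip == control_peer_ip and port >= 1024

def alg_rewrite(line, client_ip, nat_ip, nat_port):
    """Model of the helper: rewrite the payload to the NAT's address and
    record where the server's inbound data connection must be forwarded.
    A PORT naming any host other than the sender gets no expectation,
    so a client cannot open a path to another inside machine."""
    ip, port = parse_port(line)
    if ip != client_ip:
        return line, None
    expectation = {"nat": (nat_ip, nat_port), "forward_to": (ip, port)}
    return format_port(nat_ip, nat_port), expectation

# Constructed sample values.
CLIENT_IP, NAT_IP = "192.168.100.10", "203.0.113.5"
CLIENT_CMD = "PORT 192,168,100,10,195,80"   # 195*256 + 80 = port 50000

if __name__ == "__main__":
    # MASQUERADE alone changes the IP header, not the FTP payload.
    print("without helper:", server_accepts(CLIENT_CMD, NAT_IP))
    fixed, exp = alg_rewrite(CLIENT_CMD, CLIENT_IP, NAT_IP, 50000)
    print("with helper:   ", fixed, server_accepts(fixed, NAT_IP), exp)
    print("foreign host:  ", alg_rewrite("PORT 192,168,100,99,0,22",
                                         CLIENT_IP, NAT_IP, 50001))
```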