On Mon, 2011-03-07 at 19:41 -0500, robert mckennon wrote:
>
> 
> My WAN connection is Eth1 (173.165.202.120)

This is the IP you want to use in your FTP server's config, unless the
addresses below are publicly accessible. In that case you use them and not
the above, but I'm pretty sure they are internal LAN addresses.

> My LAN connection is Eth0 (10.11.248.75)
> 
> the ftp server's adx is 10.11.248.119

That address only needs to show up in the outside to in mapping. Which
you are presently missing.

iptables -t nat -A PREROUTING -i eth1 -d 173.165.202.120 -p TCP \
  --dport 20:21 -j DNAT --to 10.11.248.119

That way when something hits 173.165.202.120 port 20 or 21, it gets
forwarded to 10.11.248.119. Otherwise it will think you want to access
port 20 and 21 on the local machine/router/firewall that both eth0 and
eth1 reside within.
>                     ______________
> Internet--------->|  Eth1   Eth0 |------- > FTP-server
>                    |______________|
> Darnit... forgot I switched eth0 and 1.... I'll change the script....

Well, luckily you're only specifying that in one or a few places. But
probably want to specify that all over the place :)

> good catch...

Check the IP addresses you're accepting things on. I think that's off as
well, you're accepting things on a LAN/private IP vs WAN/public IP.

-- 
William L. Thomson Jr.
Obsidian-Studios, Inc.
http://www.obsidian-studios.com
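
Added example, not part of the original message: a small shell check that reads rules in iptables-save format and flags PREROUTING DNAT rules that match on the wrong interface or on an address other than the WAN IP, the two mistakes discussed in this thread. The function names and the sample rules are constructed for illustration; the addresses and interface names are the ones from the thread.

```shell
# Added example (not from the thread): audit iptables-save style rules for
# the two DNAT mistakes discussed above (swapped interface, LAN address in -d).
# audit_dnat WAN_IF WAN_IP: reads rules on stdin and prints one verdict
# line per PREROUTING DNAT rule.
audit_dnat() {
    wan_if=$1
    wan_ip=$2
    while IFS= read -r rule; do
        case $rule in
            "-A PREROUTING "*" -j DNAT "*) ;;   # only DNAT rules are audited
            *) continue ;;
        esac
        in_if='' dst='' prev=''
        set -f                                   # no globbing while word-splitting
        for word in $rule; do
            case $prev in
                -i) in_if=$word ;;
                -d) dst=${word%/32} ;;           # iptables-save prints host masks
            esac
            prev=$word
        done
        set +f
        problems=''
        # The rule must match on the WAN interface, not the LAN one.
        [ "$in_if" = "$wan_if" ] || problems="$problems in-interface=${in_if:-any}"
        # The rule must match the public address that clients connect to.
        [ "$dst" = "$wan_ip" ] || problems="$problems destination=${dst:-any}"
        if [ -z "$problems" ]; then
            printf 'OK :: %s\n' "$rule"
        else
            printf 'WARN%s :: %s\n' "$problems" "$rule"
        fi
    done
    return 0
}

# Constructed sample input using the thread's addresses and interfaces.
sample_rules() {
    cat <<'EOF'
-A PREROUTING -d 173.165.202.120/32 -i eth1 -p tcp -m tcp --dport 20:21 -j DNAT --to-destination 10.11.248.119
-A PREROUTING -d 173.165.202.120/32 -i eth0 -p tcp -m tcp --dport 20:21 -j DNAT --to-destination 10.11.248.119
-A PREROUTING -d 10.11.248.75/32 -i eth1 -p tcp -m tcp --dport 20:21 -j DNAT --to-destination 10.11.248.119
-A POSTROUTING -o eth1 -j MASQUERADE
EOF
}

sample_rules | audit_dnat eth1 173.165.202.120
```

On a live router the same function can be fed the real nat table, for example `iptables-save -t nat | audit_dnat eth1 173.165.202.120`.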

