OpenWrt Forum Archive

Topic: Passive FTP

The content of this topic has been archived on 5 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi, I'm new to iptables, and I have a little problem with a passive FTP server.

My firewall is:

iptables --table nat --append prerouting_wan  --protocol tcp --dport 5055 --jump DNAT --to 10.0.1.100:20-20
iptables --append forwarding_wan --protocol tcp --dport 20 --destination 10.0.1.100 -j ACCEPT
iptables --table nat --append prerouting_wan --protocol tcp --dport 5056 --jump DNAT --to 10.0.1.100:21-21
iptables --append forwarding_wan --protocol tcp --dport 21 --destination 10.0.1.100 -j ACCEPT
                                                                                     
# passive ports
iptables --table nat --append prerouting_wan --protocol tcp --dport 6000:7000 --jump DNAT --to 10.0.1.100:6000-7000
iptables --append forwarding_wan --protocol tcp --dport 6000:7000 --destination 10.0.1.100 -m state --state NEW -j ACCEPT
(...)
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

Everything works well, except that the PASV command does not provide the right IP to the client... It gives it the internal IP... (so, the message is: "227 Entering Passive Mode (10,0,1,100,23,115).") It was working well with the last router/modem (Linksys), which was replaced with a WRT54GL + modem with the same server configuration, so is it my tables' fault or not?

Self response:

Typesoft FTP server doesn't allow dynamic IP, and my old router was translating it automatically! If you still use Windows, use FileZilla's FTP server... (For a little server, obviously...)
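
Added example, not part of the original posts: a Python check that decodes the 227 reply quoted above, tests it against the 6000:7000 range forwarded by the posted rules, and builds the reply with the address translated as the poster says the old router did. The function names and the WAN address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress
import re

# Passive data ports forwarded by the rules in the post (--dport 6000:7000).
FORWARDED_PORTS = range(6000, 7001)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
REPLY = "227 Entering Passive Mode (10,0,1,100,23,115)."  # quoted in the post
WAN_IP = "203.0.113.10"  # constructed placeholder for the router's public IP

_PASV_RE = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv(reply):
    """Return (ip, port) from a 227 reply of the form (h1,h2,h3,h4,p1,p2)."""
    match = _PASV_RE.match(reply.strip())
    if not match:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(f) for f in match.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return ip, fields[4] * 256 + fields[5]


def diagnose(reply, control_peer_ip):
    """List reasons a WAN client could not open the data connection."""
    ip, port = parse_pasv(reply)
    problems = []
    if any(ip in net for net in RFC1918):
        problems.append("advertises RFC 1918 address %s" % ip)
    if ip != ipaddress.IPv4Address(control_peer_ip):
        problems.append("differs from control peer %s" % control_peer_ip)
    if port not in FORWARDED_PORTS:
        problems.append("port %d is outside the forwarded range" % port)
    return problems


def rewrite_pasv(reply, public_ip):
    """Build the same reply with the public address and unchanged port."""
    _, port = parse_pasv(reply)
    host = str(ipaddress.IPv4Address(public_ip)).replace(".", ",")
    return "227 Entering Passive Mode (%s,%d,%d)." % (
        host, port // 256, port % 256)


if __name__ == "__main__":
    print(parse_pasv(REPLY))         # address and port the server advertised
    print(diagnose(REPLY, WAN_IP))   # what a WAN client would trip over
    print(rewrite_pasv(REPLY, WAN_IP))
```

The advertised port decodes to one inside the forwarded range, so the posted rules are consistent with the server's passive ports and only the address in the reply is wrong.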

The discussion might have continued from here.