[Firewall] I really need help to set up PASV port forwarding across NAT

Gustin Johnson gustin at meganerd.ca
Thu Oct 4 19:14:57 CEST 2012


I would use tcpdump on the "external" interface to verify that packets are
indeed being forwarded to your Linux "router".

Slightly OT, I use sftp (part of the ssh spec) to accomplish the same thing
I used to use FTP for.  A single TCP port is much nicer to deal with than
the horror of FTP.

On Thu, Oct 4, 2012 at 11:01 AM, Eli Wapniarski <eli at orbsky.homelinux.org> wrote:

> Hi Arno...
>
> Thanks for responding...
>
>
> What I have is a cable modem.... The firewall is off and all ports
> (1-65535) are being forwarded to my network. The computer that I am using
> for a firewall has 2 interfaces. The one that's connected to the cable
> modem has the IP 10.0.0.1 and is connected to the modem interface which has
> an IP 10.0.0.138.
>
> My internal network is 192.168.0.1/24 with the ftp server at 192.168.0.221
>
> Relevant script settings are as follows
>
> EXT_IF="eth1"
> INT_IF="eth2"
> NAT=1
> NAT_FORWARD_TCP="20,21,60000:65535>192.168.0.221"
> OPEN_TCP="20 21 60000:65535"
>
> I really do appreciate your assistance with this.
>
> Eli
>
> On Thursday 04 October 2012 14:00:40 Arno van Amersfoort wrote:
> > We really need some more details on what you're trying to do before we
> > can help you. Standard FTP PASV support should work out of the box with
> > AIF....
> >
> > a.
> >
> > On 09/30/2012 08:01 AM, Eli Wapniarski wrote:
> > > Sorry about sending this again.... I had a problem with my mail
> > > security.
> > >
> > > Would somebody be kind enough to lend me a hand setting up PASV port
> > > forwarding across NAT. I believe that I have the firewall setup
> > > correctly but I still can't get it to work.
> > >
> > > Thanks
> > >
> > > Eli
> >
> > _______________________________________________
> > Firewall mailing list
> > Firewall at rocky.eld.leidenuniv.nl
> > http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> > Arno's (Linux IPTABLES Firewall) Homepage:
> > http://rocky.eld.leidenuniv.nl
>
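
When watching the port 21 control channel with tcpdump as suggested above, the server's 227 reply shows which address and data port it tells the client to connect to. The following is an added example, not code from the thread or from the firewall script: it parses such a reply and checks it against the 60000:65535 range forwarded in the quoted settings. The function names and sample lines are constructed for illustration, and 203.0.113.10 is a documentation address standing in for a public IP.

```python
import ipaddress
import re

# Passive port range forwarded to the FTP server in the settings quoted above.
FORWARDED = range(60000, 65536)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"\b227 [^(]*\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")

def parse_pasv(line):
    """Return (ip, port) from '227 ... (h1,h2,h3,h4,p1,p2)', or None."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # data port = p1*256 + p2

def check_pasv(line, forwarded=FORWARDED):
    """List what would stop a client outside the NAT from opening the data connection."""
    parsed = parse_pasv(line)
    if parsed is None:
        return ["not a 227 reply"]
    ip, port = parsed
    problems = []
    if any(ip in net for net in RFC1918):
        problems.append(f"advertised address {ip} is RFC 1918 private, "
                        "not routable from outside the NAT")
    if port not in forwarded:
        problems.append(f"data port {port} is outside forwarded range "
                        f"{forwarded.start}:{forwarded.stop - 1}")
    return problems

# Constructed sample control-channel lines (not taken from the thread).
SAMPLES = [
    "227 Entering Passive Mode (192,168,0,221,234,96)",  # private IP, port 60000
    "227 Entering Passive Mode (203,0,113,10,195,80)",   # public IP, port 50000
    "227 Entering Passive Mode (203,0,113,10,250,0)",    # public IP, port 64000
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_pasv(sample) or "ok")
```
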