> >
> > The first two deal with port 21, then the following two deal with the
> > ftp-data port. Next two lines to do passive ftp.
> > The above is the format understood by iptables-restore
>
> I entered these rules after the SuSE script had run and although I could
> then ftp from the server, so the firewalling part seems correct, I still
> couldn't FTP from a masqueraded client. We often talk about
> lectures/discussions etc. - I would certainly find an iptables
> workshop/lecture Q&A very worthwhile - any volunteers ?
Within iptables there are two different ways to do NAT. You can use the SNAT
target or the MASQUERADE target. I use the SNAT target.
e.g.
# NAT for hosts behind the firewall
-A POSTROUTING -o eth0 -s 192.168.80.0/24 -j SNAT --to-source 194.xx.xx.xx
Where 194.xx.xx.xx is the external address that the real world sees and
192.168.80.0/24 is the internal network and eth0 is the external interface.
This is in the nat table.
Cheers,
jr
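
An added example, not part of the original post: a Python check that reads a ruleset in iptables-save/iptables-restore format and reports which nat-table POSTROUTING rule would translate traffic from a given internal client. The sample ruleset is constructed, 203.0.113.10 is a documentation address standing in for the elided 194.xx.xx.xx, and the function name nat_rules_for is hypothetical.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save / iptables-restore format.
# 203.0.113.10 is a placeholder for the external address (194.xx.xx.xx).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 192.168.80.0/24 -o eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# NAT for hosts behind the firewall
-A POSTROUTING -o eth0 -s 192.168.80.0/24 -j SNAT --to-source 203.0.113.10
COMMIT
"""

def nat_rules_for(ruleset, client_ip, out_iface):
    """Return (target, to_source) for every nat POSTROUTING rule that would
    translate traffic from client_ip leaving through out_iface.
    Only short options (-o, -s, -j) are read; negated matches are skipped."""
    client = ipaddress.ip_address(client_ip)
    table, hits = None, []
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]          # "*nat" opens the nat table section
            continue
        if table != "nat" or not line.startswith("-A POSTROUTING"):
            continue                  # a NAT rule in any other table is not NAT
        tok = shlex.split(line)
        if "!" in tok:
            continue                  # negation is outside this sketch
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        if opt.get("-j") not in ("SNAT", "MASQUERADE"):
            continue
        iface = opt.get("-o")         # "eth+" is iptables' prefix wildcard
        if iface and iface != out_iface and not (iface.endswith("+") and out_iface.startswith(iface[:-1])):
            continue
        src = opt.get("-s")
        if src and client not in ipaddress.ip_network(src, strict=False):
            continue
        hits.append((opt["-j"], opt.get("--to-source")))
    return hits
```

An empty result for a client address means no SNAT or MASQUERADE rule in the nat table covers that host on that interface, which is the first thing to rule out when an internal client cannot reach the outside.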