The goal is to configure port forwarding in the firewall to offer an
FTP service to the Internet.
The Linux firewall is Red Hat 7.2 with the 2.4.9-21 kernel, and
the FTP server is a Windows 2k machine on the internal MASQed network.
Port forwarding only works for passive connections to the FTP server,
with the following configuration:
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 21 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 21 \
-j DNAT --to $PORTFWIP:21
The ip_nat_ftp and ip_conntrack_ftp modules are loaded.
How do I configure the firewall to allow active FTP connections from
the Internet to the MASQed FTP server?