Hi,
I am trying to set up my ftp server located inside my lan. I thought
everything has been done, but when I try to access the ftp server from
the outside, it fails.
There's got to be something I'm missing here. Any help would be very much
appreciated.
Thanks,
Sam
Here are the rules in iptables:
*********
WAN=$(nvram_get wan_ifname)
IPT=/usr/sbin/iptables
for T in filter nat mangle ; do
  $IPT -t $T -F
  $IPT -t $T -X
done
$IPT -t filter -A INPUT -m state --state INVALID -j DROP
$IPT -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -t filter -A INPUT -p icmp -j ACCEPT
$IPT -t filter -A INPUT -i $WAN -p tcp -j REJECT --reject-with tcp-reset
$IPT -t filter -A INPUT -i $WAN -j REJECT --reject-with icmp-port-unreachable
$IPT -t filter -A FORWARD -m state --state INVALID -j DROP
$IPT -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -t filter -A FORWARD -i $WAN -m state --state NEW,INVALID -j DROP
$IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE
****
I added the following to redirect port 20 and 21, and 10000-12000
(passive port range)
iptables -t nat -A PREROUTING -p tcp --dport 20 -j DNAT --to-destination 192.168.1.20:20
iptables -t nat -A PREROUTING -p tcp --dport 21 -j DNAT --to-destination 192.168.1.20:21
iptables -t nat -A PREROUTING -p tcp --dport 10000:12000 -j DNAT --to-destination 192.168.1.20
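
Added example, not part of the original post: in the posted ruleset a connection DNAT'd to 192.168.1.20 still has to pass the FORWARD chain, where `-i $WAN -m state --state NEW,INVALID -j DROP` drops it because nothing accepts it first. The sketch below pairs each DNAT rule with a FORWARD accept scoped to the WAN interface and the server address; `DRY_RUN`, `run`, `ftp_port_forward` and the `wan0` fallback are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the post). Addresses and port ranges are the ones
# the post uses; DRY_RUN, run() and ftp_port_forward() are hypothetical names.
IPT=${IPT:-/usr/sbin/iptables}
DRY_RUN=${DRY_RUN:-1}    # 1 = print the commands, 0 = execute them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$@"; else "$@"; fi
}

# ftp_port_forward WAN_IF SERVER_IP PASV_RANGE
# Port 20 needs no inbound rule: in active mode the server connects out from it.
ftp_port_forward() {
    wan=$1
    srv=$2
    pasv=$3
    for ports in 21 "$pasv"; do
        # Rewrite the destination only for packets arriving on the WAN side,
        # so LAN clients reaching other FTP servers are not redirected.
        run "$IPT" -t nat -A PREROUTING -i "$wan" -p tcp --dport "$ports" \
            -j DNAT --to-destination "$srv"
        # -I puts the accept at the top of FORWARD, ahead of the rule that
        # drops NEW connections from the WAN. Matching only state NEW keeps
        # INVALID packets falling through to the existing DROP.
        run "$IPT" -t filter -I FORWARD -i "$wan" -d "$srv" -p tcp \
            --dport "$ports" -m state --state NEW -j ACCEPT
    done
}

# "wan0" is a placeholder; on the router in the post WAN comes from
# $(nvram_get wan_ifname).
ftp_port_forward "${WAN:-wan0}" 192.168.1.20 10000:12000
```

With `DRY_RUN=1` (the default here) the commands are only printed. For passive mode the FTP server must also advertise the router's public address in its PASV replies, unless the router's FTP NAT helper rewrites them.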