Author Topic: FTP server behind firewall  (Read 692 times)

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
FTP server behind firewall
« on: 30 September 2002, 01:11 »
How would I go about getting an FTP server running behind my proxy/firewall? I set up an FTP server on my server but then realized that it can't fit what I want someone to FTP to me. So I need to run an FTP server (ProFTPD) on my Slackware machine somehow.
Is there any way to get ipchains to redirect packets to port 21 (and/or 20?) to an IP address in my LAN?
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
FTP server behind firewall
« Reply #1 on: 30 September 2002, 05:52 »
Yes, most definitely. Just forward port 21 (udp/tcp) from your internal machine to your external interface. You will need to shut FTP off on your external machine as you can't have both bound to port 21 on your external interface at the same time.

Only problem is, I do this on a really old version of ipchains which used the "ipportfw" command. Newer versions of ipchains and iptables for the 2.4 kernel have commands built in to handle this. You might do some searching for examples like this:

http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-4.html
Someone please remove this account. Thanks...

Master of Reality

« Reply #2 on: 30 September 2002, 06:15 »
I am using ipchains and I can't have the "-d" flag twice in one line, so I can't do:
ipchains -A input -s 0/0 -p tcp -d 205.92.81.80 ftp -j REDIRECT -d 192.168.0.4
(my IP address is changed of course).
*sigh* It looks like I might have to try and go back to iptables.


voidmain

« Reply #3 on: 30 September 2002, 07:32 »
I don't want to say you can't do it with ipchains in the 2.4 kernel but I can certainly say what you are trying to do will not work. You do not want two destinations. There is a special function of ipchains/tables for port forwarding.

It looks like in the newer 2.4 kernels you at least need to have the "ipfwadm" command installed (which you probably do) and the first parameter to that command would be "portfw". Like I said, I am using an older 2.2 kernel on my firewall and I still use the "ipmasqadm" command for this. An example I use to forward VNC ports to an internal machine:

Code:

The x.x.x.x above is my public IP address (outside address).

The ipfwadm might work but I haven't really messed with it. It does seem to work with ipchains and I have seen examples for port forwarding using that command and they are identical to the "ipmasqadm" commands I have in my example above, except the examples do not show the "-a" parameter that I have in my example. They are really trying to ditch ipchains in favor of iptables in 2.4+ kernels. I would suggest learning iptables instead if you can't get ipchains working with ipfwadm.

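The iptables route suggested in Reply #3, as an added example that is not part of the thread: a shell helper that prints (does not apply) DNAT rules forwarding FTP control traffic to one internal host, so the rules can be reviewed first. The interface name eth0 is an assumption, the addresses are the placeholder ones from Reply #2, and the module names are the 2.4-kernel ones.

```shell
#!/bin/sh
# Added example: generate iptables rules for FTP behind a NAT firewall.
# Only TCP port 21 is opened. The data channel (port 20 in active mode, or a
# passive-mode port) is admitted as RELATED by the FTP conntrack helper, so no
# port range has to be forwarded by hand.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ftp_dnat_rules EXT_IF PUBLIC_IP INTERNAL_IP: print the rule set on stdout.
# Returns 2 on invalid input, so nothing malformed reaches a root shell.
ftp_dnat_rules() {
    ext_if=$1 public_ip=$2 internal_ip=$3
    case "$ext_if" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    is_ipv4 "$public_ip" && is_ipv4 "$internal_ip" || {
        echo "addresses must be dotted-quad IPv4" >&2; return 2; }
    # 2.4-era helper names; current kernels call them nf_conntrack_ftp/nf_nat_ftp.
    cat <<EOF
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
iptables -t nat -A PREROUTING -i $ext_if -p tcp -d $public_ip --dport 21 -j DNAT --to-destination $internal_ip:21
iptables -A FORWARD -i $ext_if -p tcp -d $internal_ip --dport 21 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Placeholder addresses from Reply #2; eth0 is an assumed external interface.
ftp_dnat_rules eth0 205.92.81.80 192.168.0.4
```

The firewall host also needs IP forwarding enabled and must not run its own FTP daemon on the public address, as Reply #1 points out.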