Hello bubba community.
I've got a little trouble, that I'm unable to sort out.
My current bubba|two setup is as follows:
I've got 100mbit Ethernet-plug in the wall connected to my VoIP-gateway, set to bridged mode, hence just sending the info on. On the other side of the gateway is my bubba, connected to the WAN port.
On from that (via the LAN port) is a gigabit switch, which connects the rest of my home computer environment.
I've been trying to simply port ports 20 and 21 forward to a LAN computer of mine, but is having troublesome experience with this.
I've turned off the FTP services in the bubba, port forwarded port 20:21 to 20 to the local IP of the machine supplying the FTP server.
Connecting to the external IP of the bubba over FTP from a remote local gives me zilch, nada, null ... nothing.
After a while all that happens is that the FTP client responds that the connection reset due to timeout.
Is the bubba not sending the information on? Can I track the network information flow inside the bubba somehow? The logs haven't been helpful as I seen it, but I might very well have missed something.
I might add that FTP works, albeit very slow with authenticating and browsing server contents if I re-enable the built-in functionality.
Additionally, the FTP works fine through localhost and other LAN computers, so the server itself is responding nicely. The server recieves nothing in terms of connection attempts or anything trying externally.
Is there something vital I'm overlooking or missing?
Thanks in advance.
Best regards,
Ted
Please note the new address for this forum : forum.excito.org. The old address redirects here but I don't know for how long. Thanks !
New user's registration have been closed due to high spamming and low trafic on this forum. Please contact forum admins directly if you need an account. Thanks !
FTP port forwarding trouble
Re: FTP port forwarding trouble
Can you post the output of "iptables-save" here?adlib wrote:Hello bubba community.
I've got a little trouble, that I'm unable to sort out.
My current bubba|two setup is as follows:
I've got 100mbit Ethernet-plug in the wall connected to my VoIP-gateway, set to bridged mode, hence just sending the info on. On the other side of the gateway is my bubba, connected to the WAN port.
On from that (via the LAN port) is a gigabit switch, which connects the rest of my home computer environment.
I've been trying to simply port ports 20 and 21 forward to a LAN computer of mine, but is having troublesome experience with this.
I've turned off the FTP services in the bubba, port forwarded port 20:21 to 20 to the local IP of the machine supplying the FTP server.
Connecting to the external IP of the bubba over FTP from a remote local gives me zilch, nada, null ... nothing.
After a while all that happens is that the FTP client responds that the connection reset due to timeout.
Is the bubba not sending the information on? Can I track the network information flow inside the bubba somehow? The logs haven't been helpful as I seen it, but I might very well have missed something.
I might add that FTP works, albeit very slow with authenticating and browsing server contents if I re-enable the built-in functionality.
Additionally, the FTP works fine through localhost and other LAN computers, so the server itself is responding nicely. The server recieves nothing in terms of connection attempts or anything trying externally.
Is there something vital I'm overlooking or missing?
Thanks in advance.
Best regards,
Ted
Re: FTP port forwarding trouble
carl wrote: Can you post the output of "iptables-save" here?
Code: Select all
# Generated by iptables-save v1.4.1.1 on Mon Aug 10 22:37:07 2009
*filter
:INPUT DROP [25:5367]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1199:199063]
-A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 3/4 -j ACCEPT
-A FORWARD -d 192.168.10.95/32 -p tcp -m tcp --dport 10000:65535 -j ACCEPT
-A FORWARD -d 192.168.10.95/32 -p tcp -m tcp --dport 20:21 -j ACCEPT
COMMIT
# Completed on Mon Aug 10 22:37:07 2009
# Generated by iptables-save v1.4.1.1 on Mon Aug 10 22:37:07 2009
*nat
:PREROUTING ACCEPT [231:19317]
:POSTROUTING ACCEPT [79:25786]
:OUTPUT ACCEPT [157:31355]
-A PREROUTING -d 83.227.29.95/32 -p tcp -m tcp --dport 10000:65535 -j DNAT --to-destination 192.168.10.95:10000
-A PREROUTING -d 83.227.29.95/32 -p tcp -m tcp --dport 20:21 -j DNAT --to-destination 192.168.10.95:20
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.10.0/24 -d 192.168.10.95/32 -p tcp -m tcp --dport 10000:65535 -j SNAT --to-source 192.168.10.1
-A POSTROUTING -s 192.168.10.0/24 -d 192.168.10.95/32 -p tcp -m tcp --dport 20:21 -j SNAT --to-source 192.168.10.1
COMMIT
# Completed on Mon Aug 10 22:37:07 2009/Ted
Re: FTP port forwarding trouble
Hmm... There seems to be a bug in the forward rule.
Try to create seperate rules for port 20 and 21, and we will investigate this further.
Regards
PA Nilsson, Excito.
Try to create seperate rules for port 20 and 21, and we will investigate this further.
Regards
PA Nilsson, Excito.
Re: FTP port forwarding trouble
Yeah, that works. I'll use this meanwhile. Consider this a bug report then.pa wrote:Hmm... There seems to be a bug in the forward rule.
Try to create seperate rules for port 20 and 21, and we will investigate this further.
Regards
PA Nilsson, Excito.
Thanks.
/Ted