ALT Linux sysadmins discussion
 help / color / mirror / Atom feed
From: Igor Golovichev <gik_altlinux@mail.ru>
To: ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
Subject: [Sysadmins] FTP и nat_ftp
Date: Thu, 21 May 2009 09:03:33 +0500
Message-ID: <200905210903.34765.gik_altlinux@mail.ru> (raw)

Добрый день.

Не работает ftp из подсети с nat
Причем к ftp серверам подключается, по каталогам переходит, но файлы не 
копирует и большие каталоги не читает.
Как в винде так и с линукса.
На самом серваке ftp работает.
В чем дело не пойму.

# lsmod|egrep "ftp|ipt"
ipt_ttl                 2944  0
ipt_TCPMSS              5248  0
ipt_tos                 2688  0
iptable_mangle          5760  0
ipt_REJECT              6400  2
iptable_filter          5632  1
ipt_MASQUERADE          3712  14
iptable_nat            10884  1
ip_tables              15592  3 iptable_mangle,iptable_filter,iptable_nat
x_tables               17156  9 
xt_state,ipt_ttl,ipt_TCPMSS,ipt_tos,ipt_REJECT,ipt_MASQUERADE,xt_tcpudp,iptable_nat,ip_tables
ip_conntrack_ftp        9840  0
ip_nat_ftp              5120  0
ip_nat                 19856  4 vzrst,ipt_MASQUERADE,iptable_nat,ip_nat_ftp
ip_conntrack           61252  7 
xt_state,vzrst,vzcpt,iptable_nat,ip_conntrack_ftp,ip_nat_ftp,ip_nat


#ftp

*nat
-A POSTROUTING -s 192.168.133.0/255.255.255.0 -o ppp0 -p tcp -m tcp --dport 
20:21 -j SNAT --to-source 62.33.40.123
-A POSTROUTING -s 192.168.133.0/255.255.255.0 -o ppp0 -p udp -m udp --dport 
20:21 -j SNAT --to-source 62.33.40.123

*filter
-A INPUT -i ppp0 -p tcp -m tcp --sport 20 -m state --state 
RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --sport 21 -m state --state 
RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --sport 1024:65535 -m state --state 
RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 21 -m state --state 
NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 1024:65535 -m state --state 
NEW,RELATED,ESTABLISHED -j ACCEPT



-- 
С уважением, Головичев Игорь

             reply	other threads:[~2009-05-21  4:03 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-05-21  4:03 Igor Golovichev [this message]
2009-05-21  4:21 ` Alexey Sidorov
2009-05-21  4:59   ` Igor Golovichev
2009-05-21  5:28 ` Владимир Кутявин
2009-05-21  5:39   ` Igor Golovichev
2009-05-21  5:59 ` Dmitry Lebkov
2009-05-21  7:16   ` Игорь Головичев

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200905210903.34765.gik_altlinux@mail.ru \
    --to=gik_altlinux@mail.ru \
    --cc=sysadmins@lists.altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

ALT Linux sysadmins discussion

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/sysadmins/0 sysadmins/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 sysadmins sysadmins/ http://lore.altlinux.org/sysadmins \
		sysadmins@lists.altlinux.org sysadmins@lists.altlinux.ru sysadmins@lists.altlinux.com
	public-inbox-index sysadmins

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.sysadmins


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git