From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <alex@reutman.ru>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham
	version=3.2.5
X-Virus-Scanned: amavisd-new at reutman.ru
Message-ID: <4A14D6DC.80604@reutman.ru>
Date: Thu, 21 May 2009 08:21:48 +0400
From: Alexey Sidorov <alex@reutman.ru>
User-Agent: Thunderbird 2.0.0.21 (X11/20090430)
MIME-Version: 1.0
To: gik_altlinux@mail.ru, 
	ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
References: <200905210903.34765.gik_altlinux@mail.ru>
In-Reply-To: <200905210903.34765.gik_altlinux@mail.ru>
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: 8bit
Subject: Re: [Sysadmins] =?koi8-r?b?RlRQIMkgbmF0X2Z0cA==?=
X-BeenThere: sysadmins@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
List-Id: ALT Linux sysadmin discuss <sysadmins.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/sysadmins>
List-Post: <mailto:sysadmins@lists.altlinux.org>
List-Help: <mailto:sysadmins-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/sysadmins>,
	<mailto:sysadmins-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2009 04:21:02 -0000
Archived-At: <http://lore.altlinux.org/sysadmins/4A14D6DC.80604@reutman.ru/>
List-Archive: <http://lore.altlinux.org/sysadmins/>

Igor Golovichev пишет:
> Добрый день.
> 
> Не работает ftp из подсети с nat
> Причем к ftp серверам подключается, по каталогам переходит, но файлы не 
> копирует и большие каталоги не читает.
> Как в винде так и с линукса.
> На самом серваке ftp работает.
> В чем дело не пойму.
> 
> # lsmod|egrep "ftp|ipt"
> ipt_ttl                 2944  0
> ipt_TCPMSS              5248  0
> ipt_tos                 2688  0
> iptable_mangle          5760  0
> ipt_REJECT              6400  2
> iptable_filter          5632  1
> ipt_MASQUERADE          3712  14
> iptable_nat            10884  1
> ip_tables              15592  3 iptable_mangle,iptable_filter,iptable_nat
> x_tables               17156  9 
> xt_state,ipt_ttl,ipt_TCPMSS,ipt_tos,ipt_REJECT,ipt_MASQUERADE,xt_tcpudp,iptable_nat,ip_tables
> ip_conntrack_ftp        9840  0
> ip_nat_ftp              5120  0
> ip_nat                 19856  4 vzrst,ipt_MASQUERADE,iptable_nat,ip_nat_ftp
> ip_conntrack           61252  7 
> xt_state,vzrst,vzcpt,iptable_nat,ip_conntrack_ftp,ip_nat_ftp,ip_nat
> 
> 
> #ftp
> 
> *nat
> -A POSTROUTING -s 192.168.133.0/255.255.255.0 -o ppp0 -p tcp -m tcp --dport 
> 20:21 -j SNAT --to-source 62.33.40.123
> -A POSTROUTING -s 192.168.133.0/255.255.255.0 -o ppp0 -p udp -m udp --dport 
> 20:21 -j SNAT --to-source 62.33.40.123
> 
> *filter
> -A INPUT -i ppp0 -p tcp -m tcp --sport 20 -m state --state 
> RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -i ppp0 -p tcp -m tcp --sport 21 -m state --state 
> RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -i ppp0 -p tcp -m tcp --sport 1024:65535 -m state --state 
> RELATED,ESTABLISHED -j ACCEPT
> -A OUTPUT -o ppp0 -p tcp -m tcp --sport 21 -m state --state 
> NEW,RELATED,ESTABLISHED -j ACCEPT
> -A OUTPUT -o ppp0 -p tcp -m tcp --sport 1024:65535 -m state --state 
> NEW,RELATED,ESTABLISHED -j ACCEPT
> 

А -A FORWARD не надо?

-- 
Alexey Sidorov
	mailto:alex@reutman.ru
	JID: alex@reutman.ru
	ICQ: 5052225