On 08-10-2010 10:17, Dattatray Kamble wrote:
Hi,
The setup is as follows --
Internet ---> Proxy (Squid) ------> FTP server
              eth0-192.y.y.y        192.y.y.y
              eth1-118.x.x.x
I have a few public IPs. I want to NAT a public IP to the FTP server, so that anyone can access the FTP
server from outside. FTP is configured with port no. 1111 with listen_port=1111. It is working fine --
#ftp 192.y.y.y:1111
I want this to work with the public IP & same port no.
Please help me out.
Thanks
Hey, you can add the ADDITIONAL 118.x.x.3 (assuming 118.x.x.1 is your gateway, and 118.x.x.2 is being used on your eth1) to an interface alias:
# ifconfig eth1:1 118.x.x.3 netmask 255.255.255.x up
Then from the internet test if you can ping this new IP address. You can use
telnet route-server.gblx.net and then ping from there to test if the IP address is reachable. If yes, then you can add the iptables dst nat rule for your FTP server:
# iptables -t nat -A PREROUTING --dst ${PUBLIC-IP} -p tcp --dport ${LAN-HOST-PORT} -j DNAT --to-destination ${LAN-HOST-IP}
As this is an FTP server you might face problems, so just to be sure add the following src-nat rule also:
# iptables -t nat -A POSTROUTING ! -d ${LAN-HOST-IP} -j SNAT --to ${PUBLIC-IP}
where
${PUBLIC-IP} = 118.x.x.3
${LAN-HOST-IP} = 192.x.x.x (your ftp server's ip address)
${LAN-HOST-PORT} = 1111 (your ftp server's tcp port)
All the above commands are to be executed on the "Squid" machine, and the FTP server's default gateway _needs_ to be the LAN IP of the "Squid" machine.
Hope this helps.
regards
Ripunjay Bararia
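
Added example, not part of the thread: a POSIX shell function that validates the three values named in the reply and prints the resulting rule set for review instead of applying it. The sample addresses, the eth1 WAN interface name, the narrower SNAT match (-s/-o rather than the reply's negated -d) and the conntrack FTP helper lines are assumptions; the helper lines presume a kernel that attaches conntrack helpers automatically.

```shell
#!/bin/sh
# Added example (not from the thread): prints the rules for review, applies nothing.
# Names use underscores because a real shell reads ${PUBLIC-IP} as "$PUBLIC, or
# the literal string IP when PUBLIC is unset".

is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: ftp_nat_rules PUBLIC_IP LAN_HOST_IP LAN_HOST_PORT WAN_IF
ftp_nat_rules() {
    public_ip=$1 lan_host_ip=$2 lan_host_port=$3 wan_if=$4
    is_ipv4 "$public_ip"     || { echo "bad public IP: $public_ip" >&2; return 1; }
    is_ipv4 "$lan_host_ip"   || { echo "bad LAN host IP: $lan_host_ip" >&2; return 1; }
    is_port "$lan_host_port" || { echo "bad port: $lan_host_port" >&2; return 1; }
    case "$wan_if" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac

    # FTP opens a second connection for data, so the conntrack helper has to be
    # told about the non-default control port (assumption: helper auto-assignment).
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
modprobe nf_conntrack_ftp ports=$lan_host_port
modprobe nf_nat_ftp
iptables -t nat -A PREROUTING -d $public_ip -p tcp --dport $lan_host_port -j DNAT --to-destination $lan_host_ip:$lan_host_port
iptables -t nat -A POSTROUTING -s $lan_host_ip -o $wan_if -j SNAT --to-source $public_ip
EOF
}

# Constructed sample values (documentation and private ranges), not the poster's addresses.
ftp_nat_rules 203.0.113.3 192.168.1.10 1111 eth1
```

The printed commands would be run as root on the "Squid" machine; literal placeholders such as 118.x.x.3 are rejected by the validation.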