LeRoy Cressy on Tue, 16 Apr 2002 00:20:25 +0200


Re: [PLUG] problems uploading through browser/ftping


The 192.168.x.x addresses are private IP addresses that anyone can use.
You cannot connect to a private IP address from outside the local net; it
cannot be reached.  Now if you set up port forwarding so that port 80 gets
sent to the web server, port 22 gets sent to the ssh server that you allow
access to from the outside,

Your firewall will have a minimum of 2 ethernet cards with eth0 having
the real IP address and the other ethernet cards reflecting the local ip
address.  Also you need to set up port forwarding to work from inside
your local network to the outside.

# This allows your local port 25 to get out to the outside world
iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 192.168.1.0/16 --dport 25 \
	-j SNAT --to 64.194.227.197

# This allows mail from the Internet to get to your mail server
iptables -t nat -A PREROUTING  -i eth0 -p tcp --dport 25  \
	-j DNAT --to 192.168.10.1

Now you were talking about ftp specifically, and for ftp to work you need
to port forward both ftp and ftp-data.

jon wrote:
> 
> Ok.... so maybe I'm missing something here, but I'm having some weird
> problems accessing my box @ home from outside the network.
> 
> It's a Mandrake 8.2 box running PHP 4.1.2 and wu-ftp 2.6.2. I've got a
> D-Link router running on there as well, acting as a firewall.
> 
> Here's the issue, if I'm inside the firewall I can connect to the server @
> www.gokart4xmas.com or by its numeric IP no problem, but when I try, for
> instance, to access the ftp server by name, my client says "Failed to
> establish data socket." It works fine, if I use the 192.168.x.x address
> internally.
> 
> It does, however, give me the welcome message in either case.
> 
> From outside, I get the welcome message but no "data socket" no matter what.
> 
> Same thing goes for the webserver -- apache is up and running fine, but if I
> try and upload, I get the same behavior described above.
> 
> Any ideas? Did I manage to block something I shouldn't have? If that's the
> case, why would it fail behind the firewall? Feel free to portscan me, if
> that'll help -- 66.149.101.186...
> 
> Thanks a lot,
>         -- jon
> 
> -------------
> jon roig
> senior manager, online production
> epilepsy foundation
> 
> ______________________________________________________________________
> Philadelphia Linux Users Group       -      http://www.phillylinux.org
> Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
> General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug

-- 
Rev. LeRoy D. Cressy   mailto:leroy@lrcressy.com   /\_/\
                       http://lrcressy.com        ( o.o )
                       Phone:  215-535-4037        > ^ <

Jesus saith unto him, I am the way, the truth, and the life: 
no man cometh unto the Father, but by me. (John 14:6)
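
An added example, not part of the original message: a dry-run shell function that prints the gateway rules for forwarding both ftp (control, port 21) and ftp-data, covering a fixed passive data range inbound and active-mode port 20 outbound. The function name, the addresses 203.0.113.10 and 192.168.10.2, and the 50000-50010 passive range are assumptions.

```shell
#!/bin/sh
# Added example (dry run): prints iptables commands, does not execute them.
# Assumptions, not from the original message: function name, sample
# addresses, and a fixed passive range that the FTP server must also be
# configured to use (advertising the public address in PASV replies).

ftp_forward_rules() {
    ext_if=$1 pub_ip=$2 srv_ip=$3 pasv_lo=$4 pasv_hi=$5

    # Reject missing or non-numeric ports before comparing them.
    for p in "$pasv_lo" "$pasv_hi"; do
        case $p in
            ''|*[!0-9]*) echo "port '$p' is not a number" >&2; return 1 ;;
        esac
    done
    # Keep the data range unprivileged, valid and correctly ordered.
    if [ "$pasv_lo" -lt 1024 ] || [ "$pasv_hi" -gt 65535 ] ||
       [ "$pasv_lo" -gt "$pasv_hi" ]; then
        echo "bad passive range $pasv_lo:$pasv_hi" >&2; return 1
    fi

    for ports in 21 "$pasv_lo:$pasv_hi"; do
        # Inbound: rewrite the destination to the internal FTP server ...
        echo "iptables -t nat -A PREROUTING -i $ext_if -p tcp -d $pub_ip --dport $ports -j DNAT --to-destination $srv_ip"
        # ... and let only these ports through the FORWARD chain.
        echo "iptables -A FORWARD -i $ext_if -p tcp -d $srv_ip --dport $ports -j ACCEPT"
    done
    # Active mode: the server opens the data connection from port 20
    # (ftp-data), so its source address is rewritten on the way out.
    echo "iptables -t nat -A POSTROUTING -o $ext_if -p tcp -s $srv_ip --sport 20 -j SNAT --to-source $pub_ip"
}

# Constructed sample values: a documentation address stands in for the public IP.
ftp_forward_rules eth0 203.0.113.10 192.168.10.2 50000 50010
```

Review the printed rules before running them as root; forwarding only the control port and a narrow data range keeps the rest of the internal host unreachable from outside.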
