How to redirect 21 port correctly?

Staz · September 19, 2007, 7:21pm

Hello,
I cant redirect port 21 through NAT on my ftp server in lan.

Here is my rule:

chain=dstnat dst-address=89.28.x.x protocol=tcp dst-port=21
action=dst-nat to-addresses=192.168.0.222 to-ports=21 in-interface=WAN

I tried it without in-interface but no luck.

When i trying to acces on ftp through WAN IP (ftр://89.28.x.x) it poped eror “The operation timed out”, but when i try to access it through LAN ip (ftр://192.168.0.222) its ok. What it can be? Thanks for help.

maximan · September 19, 2007, 7:59pm

Remember that FTP use 20 and 21 port tcp. Furthermore, in pasv mode use related connection.
M.

Staz · September 19, 2007, 8:12pm

Still no luck with both ports.

yancho · September 19, 2007, 11:01pm

Your nat rule should work to connections from outside world - you can check it using http://www.net2ftp.com/ or ask someone else to try to connect.
But looks like you are trying access FTP from LAN - 192.168.0.x ?
If so try:

add chain=srcnat action=src-nat to-addresses=(your local gateway ip) to-ports=0-65535  src-address=192.168.0.0/24 dst-address=192.168.0.222  protocol=tcp

Staz · September 20, 2007, 3:33am

yancho:

Your nat rule should work to connections from outside world - you can check it using http://www.net2ftp.com/ or ask someone else to try to connect.
But looks like you are trying access FTP from LAN - 192.168.0.x ?
If so try:
add chain=srcnat action=src-nat to-addresses=(your local gateway ip) to-ports=0-65535  src-address=192.168.0.0/24 dst-address=192.168.0.222  protocol=tcp

Thanks for the site..i cheked and indeed it working, but why then i cant access it through my network with internal IP adress then?

pedja · September 20, 2007, 3:38pm

set dst nat on lan interface too. dstnat rules set on waninterface work only for connctions coming from wan