A linux PC with two network cards, ftp from one subnet to the other

I have the following setup:

Desktop (Debian Squeeze)
eth1 (fixed) 192.168.0.32  ------------- router (192.168.0.3) --------- ISP
eth0 (fixed) 172.17.2.1                    |
      |                                    |
      |                                    |
Laptop1 (Ubuntu Maverick)              Laptop2 (Windows XP)
eth0 (fixed ip) 172.17.2.100           dhcp (wireless card) 192.168.0.104

Desktop and Laptop1 have web servers running. Laptop2 has a FileZilla FTP server running. At this stage, Laptop1 can access the web server of Desktop, and Desktop can access the web server of Laptop1 (by IP address). Desktop can access the FTP server of Laptop2. There is no connectivity between the 192.168.0.* and the 172.17.2.* networks.

Based on this I did the following:

(On Desktop, as root)
# turn Desktop into a router between eth0 and eth1
echo "1" > /proc/sys/net/ipv4/ip_forward

# hide the 172.17.2.0/24 hosts behind the address of eth1
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# from the 192.168.0.0/24 side, only forward replies to existing connections
/sbin/iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# the 172.17.2.0/24 side may open anything outbound
/sbin/iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

My /etc/network/interfaces files

Desktop

auto lo
iface lo inet loopback

auto eth1
iface eth1 inet static
address 192.168.0.32
netmask 255.255.255.0
gateway 192.168.0.3

auto eth0
iface eth0 inet static 
address 172.17.2.1
netmask 255.255.255.0

Laptop1

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 172.17.2.100
netmask 255.255.255.0
gateway 172.17.2.1

Now, Laptop1 can access the router (by IP) and the Internet (by IP address only; I nslookup'ed some sites from Desktop and tested them on Laptop1). Getting DNS lookup to work on Laptop1 is not important now. However, FTP from Laptop1 to Laptop2 (using IP address 192.168.0.104) did not work correctly. I was allowed to log in, but when doing "ls" or "dir", I get the message

150 Opening data channel for directory list.

And nothing more happens. It just hangs forever. I tried modifying the iptables rules to

/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

but that made no difference. After some googling, I found out that using FTP passive mode would solve the problem, i.e.

ftp -p 192.168.0.104

and ftp works.

  • He he, one problem gets solved after another while preparing the question. Maybe everything will be solved before I ever get to posting this :-)


I have read this HOWTO about building a Linux bridging firewall, but that is not the setup I'm trying to achieve.
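Why the listing hangs in active mode but works with `ftp -p`, as an added example that is not part of the original question or of any answer to it. In active mode the client sends `PORT h1,h2,h3,h4,p1,p2` on the control connection and the server connects back to that address; a plain MASQUERADE rule rewrites only the IP header, so the server on the 192.168.0.0/24 side is told to connect to 172.17.2.100, which it cannot reach. In passive mode the client opens the data connection itself, which the existing rules already allow. The model below assumes the addresses from the question (router 192.168.0.32, client 172.17.2.100, server 192.168.0.104); the port numbers 1025, 40000 and 50000, the function names, and the "server can only reach 192.168.0.0/24" rule are my own constructed assumptions, not something the page states.

```python
"""
Added example: model of an FTP directory listing through a MASQUERADE router,
with and without the kernel FTP connection-tracking helper.
Addresses come from the question; ports and helper names are assumed.
"""
import ipaddress

ROUTER_WAN_IP = "192.168.0.32"   # Desktop eth1, the address MASQUERADE uses
CLIENT_IP = "172.17.2.100"       # Laptop1, behind the router
SERVER_IP = "192.168.0.104"      # Laptop2, FileZilla server
# Assumption: the server can only reach its own subnet (the question says the
# two networks have no connectivity apart from the router).
SERVER_REACHABLE = [ipaddress.ip_network("192.168.0.0/24")]


def parse_port_arg(arg):
    """Decode the FTP PORT/PASV argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    parts = [int(p) for p in arg.split(",")]
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("malformed PORT argument: %r" % arg)
    return ".".join(str(p) for p in parts[:4]), parts[4] * 256 + parts[5]


def format_port_arg(ip, port):
    """Inverse of parse_port_arg: (ip, port) -> 'h1,h2,h3,h4,p1,p2'."""
    return ",".join(ip.split(".") + [str(port // 256), str(port % 256)])


def server_can_reach(ip):
    return any(ipaddress.ip_address(ip) in net for net in SERVER_REACHABLE)


def masquerade_port_command(line, ftp_helper_loaded, nat_port):
    """
    What the router does to a 'PORT ...' line crossing the control connection.
    Without the helper the payload passes through untouched and still names the
    client's private address.  With nf_conntrack_ftp + nf_nat_ftp loaded, the
    helper rewrites it to the router's own address and a port it maps back to
    the client (nat_port stands in for the port the kernel would pick).
    """
    if not ftp_helper_loaded or not line.startswith("PORT "):
        return line
    parse_port_arg(line[5:])  # validate what the client sent
    return "PORT " + format_port_arg(ROUTER_WAN_IP, nat_port)


def active_mode_listing(ftp_helper_loaded, client_port=1025, nat_port=40000):
    """Simulate 'ls' in active mode and report what happens to the data channel."""
    client_line = "PORT " + format_port_arg(CLIENT_IP, client_port)
    wire_line = masquerade_port_command(client_line, ftp_helper_loaded, nat_port)
    target_ip, target_port = parse_port_arg(wire_line[5:])
    # Server answers 200, then on LIST sends "150 Opening data channel" and
    # tries to connect back to the address it was given.
    if server_can_reach(target_ip):
        return "data connection to %s:%d succeeds" % (target_ip, target_port)
    return ("150 sent, then the server's connect to %s:%d hangs (unreachable)"
            % (target_ip, target_port))


def passive_mode_listing(server_port=50000):
    """In PASV the client opens the data connection, so plain MASQUERADE is enough."""
    # Server replies "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" with its own address.
    ip, port = parse_port_arg(format_port_arg(SERVER_IP, server_port))
    # Outbound client->server traffic is accepted by the FORWARD eth0->eth1 rule
    # and masqueraded, and the reply matches RELATED,ESTABLISHED on the way back.
    return "client connects to %s:%d via masquerade; listing arrives" % (ip, port)


if __name__ == "__main__":
    print("active, no helper :", active_mode_listing(False))
    print("active, helper    :", active_mode_listing(True))
    print("passive           :", passive_mode_listing())
```

On the router itself the equivalent of `ftp_helper_loaded=True` is `modprobe nf_conntrack_ftp nf_nat_ftp`; `lsmod | grep ftp` shows whether the helper is present, and `iptables -t nat -L -v` will then show the data connections being masqueraded as RELATED to the control connection, so active-mode clients work as well as `ftp -p`.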