( BlinTux | 2007. 12. 23., Sun – 01:09 )

Well, I tried my script above with a million other things, and FTP access still doesn't work. (Since then it should be on port 40004.)
Here are some of the settings I tried:


iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 40004 -j DNAT --to-destination 192.168.0.2:40004
iptables -A FORWARD -i eth1 -o eth0 -p TCP --sport 1024:65535 --dport 1024:65535 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -p TCP --sport 1024:65535 --dport 1024:65535 -j ACCEPT
iptables -A FORWARD -d 192.168.0.2 -p tcp --dport 40004 -j ACCEPT
iptables -A FORWARD -s 192.168.0.2 -p tcp --sport 40004 -j ACCEPT

iptables -t nat -A PREROUTING -i eth0 -p tcp -d 195.228.0.234 --dport 40004 -j DNAT --to-destination 192.168.0.2
iptables -A FORWARD -i eth0 -o eth1 -p tcp --syn -d 192.168.0.5 --dport 40004 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A PREROUTING -t nat -p tcp -i eth1 --dport 40004 -j DNAT --to 192.168.0.2:40004
iptables -A FORWARD -i eth1 -p tcp -d 192.168.0.2 --dport 40004 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -i ppp0 -m tcp -p tcp --sport ftp-data:ftp
iptables -A FORWARD -o ppp0 -m tcp -p tcp --dport ftp-data:ftp

UNPRIVPORTS="1024:65535"
iptables -A FORWARD -i eth0 -o eth1 -p tcp -s 192.168.0.2 --sport $UNPRIVPORTS -d 192.168.0.1 --dport 40004 -m state --state NEW -j ACCEPT
# This will handle active FTP data transfers
iptables -A FORWARD -i eth1 -o eth0 -p tcp -s 192.168.0.1 -d 192.168.0.2 --sport $UNPRIVPORTS --dport $UNPRIVPORTS -m helper --helper ftp -m state --state RELATED -j ACCEPT
# This will handle passive FTP data transfers
iptables -A FORWARD -i eth0 -o eth1 -p tcp -s 192.168.0.2 -d 192.168.0.1 --sport $UNPRIVPORTS --dport $UNPRIVPORTS -m helper --helper ftp -m state --state RELATED -j ACCEPT

Now all that happens is that the FTP client connects, then freezes after 1-2 minutes :D
Even if they beat me to death I couldn't figure out why it doesn't work :( I'm already on page 15 of Google on this :S