https://community.hpe.com/t5/operating-system-linux/port-forwarding-with-iptables/m-p/2813268#M2608 boooo, (kinda cool moniker...) <BR /><BR />the log in question would be<BR /><BR />/var/log/messages<BR /><BR />unless you've set up your iptables to log elsewhere. <BR /><BR />It might be instructive to run a packet sniffer (like ethereal) to watch what happens on the interfaces when ftp connections are attempted.<BR /><BR />Best Regards, <BR />Mark Fri, 27 Sep 2002 23:42:15 GMT Mark Fenton 2002-09-27T23:42:15Z https://community.hpe.com/t5/operating-system-linux/port-forwarding-with-iptables/m-p/2813265#M2605 i have setup linux box with redhat 7.2 as a router. it has 2 nics, eth1 is the net nic and eth0 is the lan nic.<BR />im running an ftp on a machine on the lan but i also want it to be available through the net. so i just want to forward the port from the router to the internal machine. and i havent been able to get an iptables rule(s) setup to do it. i also chose to accept connections be default and only drop those connections to specific ports that i choose, rather than close everything and only open those that i chose....<BR />heres what i tried<BR /><BR />iptables -t nat -A PREROUTING -p tcp --dport 21 -j DNAT --to-dest 192.168.1.10:21<BR />iptables -A FORWARD -p tcp -i eth1 --dport 21 -d 192.168.1.10 -j ACCEPT<BR /><BR />i dont think i should need the second line since i have chosen to accept all connections except those speicified, but i figured it was worth a shot anyway...<BR /><BR />anyone have any ideas? Wed, 25 Sep 2002 14:18:51 GMT https://community.hpe.com/t5/operating-system-linux/port-forwarding-with-iptables/m-p/2813265#M2605 boooo radly 2002-09-25T14:18:51Z https://community.hpe.com/t5/operating-system-linux/port-forwarding-with-iptables/m-p/2813266#M2606 Hi,<BR />ftp is a specific protocol, because it's storing in the datas during connection the port on each side to established data tranfer.<BR />the ftp-data (port 20) is also used !!<BR />There's a passive mode which permit to avoid the port in data described bellow.<BR />THe best thing is to authorize to go outside any ports gt 1024, and inside the port 20.<BR />If you need ftp from both side, then you will have to open much more other ports.....<BR />See your deny tcp packets from the log to see all what is needed when you try an ftp session...<BR /><BR />hope it will help<BR />Benoit Thu, 26 Sep 2002 08:53:35 GMT https://community.hpe.com/t5/operating-system-linux/port-forwarding-with-iptables/m-p/2813266#M2606 benoit Bruckert 2002-09-26T08:53:35Z https://community.hpe.com/t5/operating-system-linux/port-forwarding-with-iptables/m-p/2813267#M2607 where would i find the logs for my tcp connections? i looked and couldnt find anything....but im not exactly sure what file(s) im looking for...<BR /><BR />thanks for the help Thu, 26 Sep 2002 16:12:34 GMT https://community.hpe.com/t5/operating-system-linux/port-forwarding-with-iptables/m-p/2813267#M2607 boooo radly 2002-09-26T16:12:34Z https://community.hpe.com/t5/operating-system-linux/port-forwarding-with-iptables/m-p/2813268#M2608 boooo, (kinda cool moniker...) <BR /><BR />the log in question would be<BR /><BR />/var/log/messages<BR /><BR />unless you've set up your iptables to log elsewhere. <BR /><BR />It might be instructive to run a packet sniffer (like ethereal) to watch what happens on the interfaces when ftp connections are attempted.<BR /><BR />Best Regards, <BR />Mark Fri, 27 Sep 2002 23:42:15 GMT https://community.hpe.com/t5/operating-system-linux/port-forwarding-with-iptables/m-p/2813268#M2608 Mark Fenton 2002-09-27T23:42:15Z