iptables for ftp access on a guest machine

ultrabeet's picture

Hi Everyone,
I am new to Linux and recently came across a problem:
I have a Debian 4.4.5-8 machine with Proxmox installed. A guest machine runs Windows Server 2008 R2 with FileZilla Server installed (listening on port 21, passive mode ports 8022-8030); Windows Firewall has been switched off, and its IP is 10.0.1.101.
How do I configure iptables correctly so I can have public FTP access on port 8021? Is that even possible?
Thanks

Re: iptables for ftp access on a guest machine

IntnsRed's picture

In general, I dislike playing with iptables unless I really have to (it can make things hard to diagnose later when I forget things), so I have to wonder if you'd be able to use the ftp client's sendport commands and do what you need with just the ftp client.

But either way, off the top of my head (read: check the syntax in "man iptables") something like:

iptables -t nat -I PREROUTING -p tcp -d 10.0.1.101 --dport 21 -j REDIRECT --to-ports 8022

would do the trick.

Re: iptables for ftp access on a guest machine

ultrabeet's picture

Thank you for your answer. Unfortunately I am still getting:

Response: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,31,91)
Command: MLSD
Response: 425 Can't open data connection.
Error: Failed to retrieve directory listing

I think I need to have rules for 8022:8030 (passive mode ports) as well, but I have tried your suggestion with my port range and it still does not allow me to get a directory listing...

Any ideas?

Thanks
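
Added example, not part of the thread: the 227 reply above carries the data port as its last two numbers (31*256+91 = 8027), which falls inside the guest's passive range, so the data connection arrives at the host on a port that needs its own forward to the guest. The script decodes that port and prints DNAT rules for the control port and the passive range; the interface name `vmbr0`, enabled IPv4 forwarding on the host, and FileZilla Server advertising the host's public address in its passive-mode reply are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Values taken from the posts: guest
# 10.0.1.101, control port 21, passive range 8022-8030, public port 8021.
GUEST_IP=10.0.1.101
PUBLIC_CTRL=8021
PASV_LO=8022
PASV_HI=8030
WAN_IF=${WAN_IF:-vmbr0}   # assumption: host's public-facing interface

# Decode the data port from "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)":
# port = p1 * 256 + p2. Host octets may be masked (xxx) as in the post.
# Returns non-zero if the line is not a well-formed 227 reply.
pasv_port() {
    printf '%s\n' "$1" | awk -F'[(),]' '
        /227 Entering Passive Mode/ && $6 ~ /^[0-9]+$/ && $7 ~ /^[0-9]+$/ {
            print $6 * 256 + $7; ok = 1
        }
        END { exit !ok }'
}

# True when the port lies inside the configured passive range.
in_pasv_range() {
    [ "$1" -ge "$PASV_LO" ] && [ "$1" -le "$PASV_HI" ]
}

# Print (not execute) the rules, so they can be reviewed before being
# applied as root. DNAT rewrites the destination to the guest; the FORWARD
# rules matter when the FORWARD policy is DROP.
emit_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $PUBLIC_CTRL -j DNAT --to-destination $GUEST_IP:21
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $PASV_LO:$PASV_HI -j DNAT --to-destination $GUEST_IP
iptables -A FORWARD -d $GUEST_IP -p tcp -m multiport --dports 21,$PASV_LO:$PASV_HI -j ACCEPT
iptables -A FORWARD -s $GUEST_IP -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# The reply quoted in the thread, with its masked address.
reply='Response: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,31,91)'
port=$(pasv_port "$reply")
echo "data port announced by server: $port"
in_pasv_range "$port" && echo "inside $PASV_LO-$PASV_HI: must be forwarded to $GUEST_IP"
emit_rules
```

Only the passive range is exposed alongside the control port, so the guest's other services stay unreachable from the public side.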