FTP'ing thru an Iptables NAT Masquerade

Greetings to all.

My new firewall is giving me one hell of a problem.

I'm running iptables and masquerading my intranet
thru NAT. But here is the problem. Whenever I try
to FTP to a server outside of my LAN I get a 500
illegal port error.

I've come to the conclusion that NAT is using a port
too high for most servers out there. Does anyone
know where I can set a better range to work with?

Any recommendations on what range would be better?
I've only got a handful of machines behind it but they
are a web server and an SQL server so they might be
a little busy but not a huge drain on ports.

Thank You in Advance.

What version of iptables are you running? There have been a number of FTP issues with earlier versions. I think the latest for Linux is 1.2.6.

Check your firewall script and see if it says something like
this:

# Supports the proper masquerading of FTP file transfers using the PORT method
echo -en "FTP, "
/sbin/modprobe ip_masq_ftp

From the HOWTO:

Check to see that the "ip_masq_ftp" module is loaded. To do this, log into the MASQ server and run the command "/sbin/lsmod".
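
Added example, not part of any post in this thread: a small Python model of what an FTP masquerading helper does to the PORT command (RFC 959 format), and of a server that refuses a PORT address different from the control connection's peer. The addresses, the port numbers and the server's exact check are constructed assumptions for illustration.

```python
# Constructed sample values (assumptions, not taken from the thread).
INSIDE_IP = "192.168.1.10"   # masqueraded client on the LAN
PUBLIC_IP = "203.0.113.5"    # firewall's outside address (documentation range)
CLIENT_LINE = "PORT 192,168,1,10,195,80"   # what the client writes on the wire


def parse_port(line):
    """Parse 'PORT h1,h2,h3,h4,p1,p2' into (ip, port); port = p1*256 + p2."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    nums = [int(n) for n in arg.split(",")]
    if len(nums) != 6 or any(not 0 <= n <= 255 for n in nums):
        raise ValueError("malformed PORT argument")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def format_port(ip, port):
    """Build the PORT command for a dotted-quad address and a TCP port."""
    return "PORT %s,%d,%d" % (ip.replace(".", ","), port >> 8, port & 0xFF)


def server_reply(line, peer_ip):
    """Modelled server: accept PORT only if it names the control peer's address."""
    ip, _ = parse_port(line)
    if ip != peer_ip:
        return "500 Illegal PORT command."
    return "200 PORT command successful."


def helper_rewrite(line, inside_ip, public_ip, nat_port):
    """Modelled helper: swap the inside address/port in the payload for the
    public address and the port the NAT reserved for the data connection."""
    ip, _ = parse_port(line)
    if ip == inside_ip:
        return format_port(public_ip, nat_port)
    return line


if __name__ == "__main__":
    # Without a helper the server sees PUBLIC_IP as peer but 192.168.1.10 in PORT.
    print("no helper  :", CLIENT_LINE, "->", server_reply(CLIENT_LINE, PUBLIC_IP))
    fixed = helper_rewrite(CLIENT_LINE, INSIDE_IP, PUBLIC_IP, 61000)
    print("with helper:", fixed, "->", server_reply(fixed, PUBLIC_IP))
```

Masquerading rewrites packet headers only; the PORT argument travels in the payload, which is why a protocol-aware helper module has to be loaded for active-mode FTP.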