February 12, 2009 at 9:37 am #41467
nfoata
Member
Hi everyone,
I am just discovering ZeroShell and I am trying to use it for a network.
So far, I have succeeded in configuring hosts behind Zeroshell, and they can access the Internet with the IP address of the router.
My network configuration looks like this:
Internet ---- eth1 Zeroshell eth0 ---- Local network
                     eth2              192.168.1.0/24
                      |
                      |
                      '
        DMZ ( With FTP server 192.168.2.2)
        192.168.2.0/24
ZeroShell network configuration :
eth0 192.168.1.254
eth1
eth2 192.168.2.254
pppo (inet addr:XXX.XXX.XXX.189 P-t-P:XXX.XXX.XXX.1 (PPPoE: ETH01)
Router - NAT
| Available Interfaces | NAT Enabled Interfaces |
|---|---|
| eth0 | pppo |
| eth1 | |
| eth2 | |
My FTP server works well when I try to call it from localhost or from the Zeroshell server,
but not from the Internet, because I didn’t succeed in building the right rules in Zeroshell.
I think I just have to forward ports 21 and 20 to the FTP server 192.168.2.2.
February 16, 2009 at 7:56 am #47601
ppalias
Member
That’s right, you have to allow ports 20 and 21 (usually only 21 is ok), but this is only for the control messages. If your transfer is not starting, you should check the states of the firewall to allow all the traffic related to the ftp.
February 16, 2009 at 10:17 am #47602
nfoata
Member
First, thanks for answering.
In the firewall, I can only access the following chains:
– FORWARD
– INPUT
– OUTPUT
I think, to redirect a port, I have to access the PRE_ROUTING chain?
I tried to put rules on the FORWARD chain such as:
* Destination IP : IP of the FTP server (192.68.2.2)
* INPUT : ETH01
* OUTPUT : ETH02
* PROTOCOL matching : TCP (source port 21 , destination port 21)
I did the same with port 20.
But it didn’t work (with these rules). I can’t connect from outside.
February 16, 2009 at 1:13 pm #47603
nfoata
Member
The situation has evolved.
I only added information in the PREROUTING chain.
With the iptables command line, I did:
iptables -t nat -A PREROUTING -p udp -i ETH01 --destination-port 21 -j DNAT --to-destination=192.168.2.2
iptables -t nat -A PREROUTING -p tcp -i ETH01 --destination-port 21 -j DNAT --to-destination=192.168.2.2
iptables -t nat -A PREROUTING -p udp -i ETH01 --destination-port 20 -j DNAT --to-destination=192.168.2.2
iptables -t nat -A PREROUTING -p tcp -i ETH01 --destination-port 20 -j DNAT --to-destination=192.168.2.2
Now, when I try from outside, I can connect, and just after that I get the following message.
e.g.:
> ftp
Connected to
Connection closed by the remote host
February 16, 2009 at 3:16 pm #47604
bbozo
Member
In the Router section you have VIRTUAL SERVERS.
Input Interface ppp0
IP address ANY (or if you wish specific public ip to answer to ftp request)
Protocol TCP
Local Port(source) for 21
Remote IP 192……..(your internal ftp server ip)
remote port(destination port on which you want your server to answer 21 for ftp)
This worked for me.
February 16, 2009 at 4:40 pm #47605
nfoata
Member
Thanks a lot bbozo 😀 .
You are right, from the interface it goes well directly.
I didn’t know where to find the PREROUTING in Zeroshell.
Now, my FTP server is available from the outside.
Solution given just before (summary):
On the left, section ‘Network’, menu ‘Router’
At the top, select the tabbed panel named ‘Virtual Server’
and enter the redirection.
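The forward this thread arrives at, written out as iptables rules together with the stateful handling ppalias mentions for the data connections. This is an added example, not part of the original posts and not ZeroShell's own code. It assumes a current Linux kernel and iptables rather than the 2009 ZeroShell build, takes the thread's ppp0, eth2 and 192.168.2.2 as arguments, and uses function names (`ftp_publish_rules`, `is_ipv4`, `is_ifname`) made up here; it only prints the rules.

```shell
#!/bin/sh
# Added example: print (not apply) least-privilege rules that publish a DMZ FTP
# server through a NAT router. Interface names and address are assumptions
# taken from the thread; review the output before running it as root.

# Succeeds only for a dotted-quad IPv4 address with every octet <= 255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the validated address on dots
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a plain interface name, so nothing else reaches the output.
is_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Usage: ftp_publish_rules WAN_IF DMZ_IF SERVER_IP
ftp_publish_rules() {
    wan_if=$1; dmz_if=$2; server=$3
    is_ifname "$wan_if" && is_ifname "$dmz_if" && is_ipv4 "$server" || {
        echo "usage: ftp_publish_rules WAN_IF DMZ_IF SERVER_IPV4" >&2
        return 1
    }
    cat <<EOF
# Helpers that parse PORT/PASV on the control channel and fix up NAT.
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
# Kernels 4.7+ no longer attach helpers automatically: bind it explicitly.
iptables -t raw -A PREROUTING -i $wan_if -p tcp --dport 21 -j CT --helper ftp
# FTP is TCP only; forward just the control port, no UDP and no port 20.
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport 21 -j DNAT --to-destination $server:21
iptables -A FORWARD -i $wan_if -o $dmz_if -d $server -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# Data connections are matched as RELATED to the tracked control session.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}
```

The conntrack helper has to read the control channel, so it cannot follow FTP over TLS; in that case the server's passive port range has to be forwarded explicitly.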