FTP server configuration in a DMZ



    Hi everyone,

    I am just discovering ZeroShell and I am trying to use it for a network.

    So far, I have succeeded in configuring hosts behind Zeroshell, and they can access the Internet with the IP address of the router.

    My network configuration looks like this:

    eth1 Zeroshell eth0
    Local network ----
    DMZ ( With FTP server

    ZeroShell network configuration :
    pppo (inet addr:XXX.XXX.XXX.189 P-t-P:XXX.XXX.XXX.1 (PPPoE: ETH01)

    Router - NAT
    | Available Interfaces | NAT Enabled Interfaces |
    | eth0 | pppo |
    | eth1 | |
    | eth2 | |

    My FTP server works well when I try to call it from localhost or from the Zeroshell server,
    but not from the Internet, because I have not succeeded in building the right rules in Zeroshell.

    I think I just have to forward ports 21 and 20 to the FTP server.


    That’s right, you have to allow ports 20 and 21 (usually only 21 is ok), but this is only for the control messages. If your transfer is not starting, you should check the states of the firewall to allow all the traffic related to FTP.
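
The point made in the reply above, as an added example that is not part of the original thread: in passive mode the server's 227/229 reply on the control channel names a separate data port, and behind NAT it may also name a private address. The sample replies and the address 192.168.2.10 are constructed for illustration; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample replies (not captured from the server in this thread).
SAMPLE_PASV = "227 Entering Passive Mode (192,168,2,10,195,80)."
SAMPLE_EPSV = "229 Entering Extended Passive Mode (|||50000|)"

_PASV = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")
_EPSV = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def parse_passive_reply(line):
    """Return (host, port) the client is told to open the data connection to.
    host is None for EPSV, which reuses the control connection's address."""
    m = _PASV.match(line)
    if m:
        fields = [int(x) for x in m.group(1).split(",")]
        if any(f > 255 for f in fields):
            raise ValueError("field out of range: %r" % line)
        host = ".".join(str(f) for f in fields[:4])
        return host, fields[4] * 256 + fields[5]
    m = _EPSV.match(line)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range: %r" % line)
        return None, port
    raise ValueError("not a 227/229 reply: %r" % line)


def diagnose(line, control_port=21):
    """List why a forward of the control port alone will not carry the transfer."""
    host, port = parse_passive_reply(line)
    findings = []
    if port != control_port:
        findings.append("data connection uses TCP port %d, not %d"
                        % (port, control_port))
    if host is not None and ipaddress.ip_address(host).is_private:
        findings.append("server advertises private address %s" % host)
    return findings
```
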


    First, thanks for answering.

    In the firewall, I can only access the following chains:
    – INPUT
    – OUTPUT

    I think that, to redirect a port, I need access to the PRE_ROUTING chain?

    I tried to put rules on the FORWARD chain, such as:
    * Destination IP : IP of the FTP server (
    * INPUT : ETH01
    * OUTPUT : ETH02
    * PROTOCOL matching : TCP (source port 21 , destination port 21)

    I did the same for port 20.

    But it didn’t work (with these rules). I can’t connect from outside.


    The situation has evolved.
    I only added information in the PREROUTING chain.

    With the iptables command line, I did:

    iptables -t nat -A PREROUTING -p udp -i ETH01 --destination-port 21 -j DNAT --to-destination=
    iptables -t nat -A PREROUTING -p tcp -i ETH01 --destination-port 21 -j DNAT --to-destination=
    iptables -t nat -A PREROUTING -p udp -i ETH01 --destination-port 20 -j DNAT --to-destination=
    iptables -t nat -A PREROUTING -p tcp -i ETH01 --destination-port 20 -j DNAT --to-destination=

    Now, when I try from outside, I can connect, and just afterwards I get the following message.

    e.g :
    > ftp
    Connected to
    Connection closed by the remote host


    In the Router section you have VIRTUAL SERVERS.

    Input Interface ppp0
    IP address ANY (or if you wish specific public ip to answer to ftp request)
    Protocol TCP
    Local Port(source) for 21
    Remote IP 192……..(your internal ftp server ip)
    remote port(destination port on which you want your server to answer 21 for ftp)

    This worked for me.


    Thanks a lot bbozo 😀 .

    You are right: from the interface, it works directly.
    I didn’t know where to find the PREROUTING in Zeroshell.

    Now, my FTP server is available from the outside.

    Solution given just before (summary):
    On the left, section ‘Network’, menu ‘Router’
    At the top, select the tabbed panel named ‘Virtual Server’
    and enter the redirection.
