{ "numMessagesInTopic": 19, "nextInTime": 627, "senderId": "WhZUnYR0brIJ_JzYI5-W7H1BpHG3c2w-0WDNfc4C_nN6wZQOD6ZkcOtpozWcbvyTU_i-roolx7fmell_nVQNgQSJIu2ZILuN", "systemMessage": false, "subject": "Re: IP Forwarding FTP help", "from": ""jasondeno" <j@...>", "authorName": "jasondeno", "msgSnippet": "I tried this rule with no luck. I rebooted each time too. So I tried changing out that 3388 port with 3389. That didn t help either. I double checked and", "msgId": 626, "profile": "jasondeno", "topicId": 578, "spamInfo": { "reason": "0", "isSpam": false }, "replyTo": "LIST", "userId": 78313003, "messageBody": "
> Hmm... When I did this I used 3388 as a return port and it worked. I
\n> don't know if it will work for you but you can try this:
\n>
\n> $IPTABLES -A PREROUTING -t nat -p tcp --dport 3389 -j DNAT --to 192.168.1.4:3389
\n> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 3389 -j ACCEPT
\n> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -p tcp --sport 3388 -j ACCEPT
\n>
\n> Let me know if this works or not...
\n>
\n> Bruce
\n>
\n> --- In magnia_sg20@yahoogroups.com, "jasondeno" <j@i...> wrote:
\n> > I followed your directions, but I'm still getting a little tripped
\n> > up. I want to forward packets coming in on port 3389 (WAN Side)
\n> > to LAN IP 192.168.1.2 on its port 3389. Port 3389 is for Terminal
\n> > Services.
\n> > I made a folder under /sa2/firewall called Curly (name of my
\n> > internal PC) and copied all the files from the /sa2/firewall/ftps
\n> > folder into it. I then modified the description file to be called
\n> > Curly TS. This showed up in the web admin without a hitch. I think
\n> > I'm screwing up on the routing. I edited the rule file in the Curly
\n> > folder. I tried just changing the first line of your rule to port
\n> > 3389 and my LAN IP, but that didn't work. Then I found the
\n> > following online and used it and that didn't work either (rebooted
\n> > both times too):
\n> >
\n> > $IPTABLES -A PREROUTING -t nat -p tcp -i eth1 --destination-port 3389 -j DNAT --to-destination 192.168.1.2
\n> > $IPTABLES -A PREROUTING -t nat -p tcp -i eth1 --destination-port 6699 -j DNAT --to-destination 192.168.1.2
\n> >
\n> > Any thoughts on what I'm doing wrong? I really don't understand the
\n> > IP Table stuff and find the man very difficult to understand. I'd
\n> > like to move this Magnia from my home in its test mode to my
\n> > office. But if it's going to be used there, I need to be able to TS
\n> > in as well as get to my WWW, FTP and Mail servers (that'll come
\n> > later).
\n> >
\n> > Thanks!
\n> >
\n> > --- In magnia_sg20@yahoogroups.com, "besandy2003" <bsandyjr@e...>
\n> > wrote:
\n> > > I got this fixed and decided to post the fix as there was no clear
\n> > > definition of how to do so from the past.
\n> > >
\n> > > 1. I created a new folder in /SA2/firewall folder called Internal
\n> > > FTP server.
\n> > >
\n> > > 2. I copied over a whole set of rules from the VPN folder (you can
\n> > > use any folder though) and placed them in the Internal FTP folder.
\n> > >
\n> > > 3. I put the following rule in the rules file:
\n> > > $IPTABLES -A PREROUTING -t nat -p tcp --dport 21 -j DNAT --to 192.168.1.4:21
\n> > > $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 21 -j ACCEPT
\n> > > $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -p tcp --sport 20 -j ACCEPT
\n> > > $IPTABLES -A INPUT -p tcp -i $EXTIF -d $EXTIP --dport 21 --sport 2000:2200 -j ACCEPT
\n> > > $IPTABLES -A OUTPUT -p tcp -o $EXTIF -s $EXTIP --sport 2000:2200 --dport 2000:2200 -j ACCEPT
\n> > >
\n> > > 4. Go into the description file and Change the description to
\n> > > whatever you would like it to show up as in the Menu of the admin
\n> > > module for the SG20. (I called mine FTP Internal).
\n> > >
\n> > > 5. Bring up the admin Module and go to the /System/firewall tab and
\n> > > select customize. Once in there you should uncheck FTP Server and
\n> > > Check Internal FTP server or whatever you decided to call it.
\n> > >
\n> > > 6. Apply the settings and reboot (not necessary but never a bad
\n> > > idea). Test your connection from the outside world.
\n> > >
\n> > > If anyone needs help with this I will be happy to send you the
\n> > > scripts FOR FREE!!! Not $100.
\n> > >
\n> > > Hope this helps, I lost a lot of sleep over it.
\n> > >
\n> > > Thanks,
\n> > > Bruce
\n> > >
\n> > >
\n> > >
\n> > > --- In magnia_sg20@yahoogroups.com, "besandy2003" <bsandyjr@e...>
\n> > > wrote:
\n> > > > I decided to disable the FTP server that is on the SG20 and use my
\n> > > > old FTP Server. It resides on IP address 192.168.1.4 and uses the
\n> > > > default port 21. I have not been able to make the connection thus
\n> > > > far. I read through the archives and found a few references to the
\n> > > > same problem but there was never a solution given. Below are my
\n> > > > IPtables, if anyone has any suggestions I would appreciate it. I
\n> > > > have lost a lot of sleep over this one...
\n> > > >
\n> > > >
\n> > > > $IPTABLES -A PREROUTING -t nat -p tcp --dport 21 -j DNAT --to 192.168.1.4:21
\n> > > > $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 21 -j ACCEPT
\n> > > > $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -p tcp --sport 21 -j ACCEPT
\n> > > > $IPTABLES -A INPUT -p tcp -i $EXTIF -d $EXTIP --dport 21 --sport 2000:2200 -j ACCEPT
\n> > > > $IPTABLES -A OUTPUT -p tcp -o $EXTIF -s $EXTIP --sport 2000:2200 --dport 2000:2200 -j ACCEPT