-2

Please excuse my shallow networking knowledge.

I have the current setup: (IP-sec server) tunnelled to (External FTP server). I need to connect to the (External FTP server) through the (IP-sec server) using the FTP CLI from any client. My question is: is there a way to forward the request from the (IP-sec server) to the (External FTP server) directly, without having to use the FTP CLI on the (IP-sec server) itself?

I tried iptables -t nat -A PREROUTING -p tcp -m tcp --dport 21 -j DNAT --to-destination (External FTP server):21 on the (IP-sec server) but that did not work.

Ali Ahmed

1 Answer

-1

You also need to do NAT postrouting to source-NAT the traffic so that it returns to the same box you are doing the prerouting on.

iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 21 -d (externalFTPserverIP) -j SNAT --to-source ip-address-you-want-traffic-to-return-to
  • Thank you so much for your answer. How can I write the command so that it returns to the IP address it came from? For example, if I open the FTP session from my shell, I want the traffic to return to my IP address, and if I run it from an arbitrary server, it returns to that server's address? – Ali Ahmed Jul 18 '23 at 08:30
  • I found it: I have to use MASQUERADE to allow the traffic to be routed back to its source. – Ali Ahmed Jul 18 '23 at 09:19
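
The DNAT rule from the question and the MASQUERADE approach from the comments, combined into one rule set, as an added example that is not part of the original thread. It goes beyond the thread by enabling forwarding, adding FORWARD rules, attaching the FTP conntrack helper for data connections, and limiting which clients may use the relay. The function names and both addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Prints (does not apply) the gateway rules for relaying FTP control traffic.
# Sample addresses below are constructed, taken from documentation ranges.

valid_ipv4() {
    # Digits and dots only, so nothing else can reach the generated commands.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

valid_cidr() {
    # Requires the a.b.c.d/prefix form with a prefix of 0-32.
    case "${1#*/}" in ""|*[!0-9]*|???*) return 1 ;; esac
    [ "${1#*/}" -le 32 ] && valid_ipv4 "${1%/*}"
}

ftp_forward_rules() {
    # $1 = external FTP server IP, $2 = client CIDR allowed to use the relay
    ftp_ip=$1; src=$2
    valid_ipv4 "$ftp_ip" || { echo "bad FTP server address" >&2; return 2; }
    valid_cidr "$src" || { echo "bad client CIDR" >&2; return 2; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
iptables -t raw -A PREROUTING -p tcp -s $src --dport 21 -j CT --helper ftp
iptables -t nat -A PREROUTING -p tcp -s $src --dport 21 -j DNAT --to-destination ${ftp_ip}:21
iptables -t nat -A POSTROUTING -p tcp -d $ftp_ip --dport 21 -j MASQUERADE
iptables -A FORWARD -p tcp -s $src -d $ftp_ip --dport 21 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Dry run with constructed sample values: FTP server, then allowed client range.
ftp_forward_rules 203.0.113.10 198.51.100.0/24
```

Review the printed commands, then pipe them to `sh` as root on the gateway to apply them. Restricting the source range keeps the gateway from relaying FTP for every host that can reach it.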