February 12, 2009 at 9:37 am #41467
I am just discovering ZeroShell and I am trying to use it for a network.
So far, I have succeeded in configuring hosts behind Zeroshell, and they can access the Internet with the IP address of the router.
My network configuration looks like this:
eth1 Zeroshell eth0
Local network ----
DMZ ( With FTP server 192.168.2.2)
ZeroShell network configuration :
pppo (inet addr:XXX.XXX.XXX.189 P-t-P:XXX.XXX.XXX.1 (PPPoE: ETH01)
Router - NAT
| Available Interfaces | NAT Enabled Interfaces |
| eth0 | pppo |
| eth1 | |
| eth2 | |
My FTP server works well when I try to call it from localhost or from the Zeroshell server,
but not from the Internet, because I didn’t succeed in building the right rules in Zeroshell.
I think I just have to forward ports 21 and 20 to the FTP server 192.168.2.2.

February 16, 2009 at 7:56 am #47601
That’s right, you have to allow ports 20 and 21 (usually only 21 is ok), but this is only for the control messages. If your transfer is not starting, you should check the states of the firewall to allow all the traffic related to the FTP.

February 16, 2009 at 10:17 am #47602
First, thanks for answering.
In the firewall, I can only access the following chains:
I think that to redirect a port, I have to access the PRE_ROUTING chain?
I tried to put rules on the FORWARD chain such as:
* Destination IP : IP of the FTP server (188.8.131.52)
* INPUT : ETH01
* OUTPUT : ETH02
* PROTOCOL matching : TCP (source port 21 , destination port 21)
I did the same with port 20.
But it didn’t work (with these rules). I can’t connect from outside.

February 16, 2009 at 1:13 pm #47603
The situation has evolved.
I only added information in the PREROUTING chain.
With the iptables command line, I did:
iptables -t nat -A PREROUTING -p udp -i ETH01 --destination-port 21 -j DNAT --to-destination=192.168.2.2
iptables -t nat -A PREROUTING -p tcp -i ETH01 --destination-port 21 -j DNAT --to-destination=192.168.2.2
iptables -t nat -A PREROUTING -p udp -i ETH01 --destination-port 20 -j DNAT --to-destination=192.168.2.2
iptables -t nat -A PREROUTING -p tcp -i ETH01 --destination-port 20 -j DNAT --to-destination=192.168.2.2
Now, when I try from outside, I can connect, and right after I get the following message:
Connection closed by the remote host

February 16, 2009 at 3:16 pm #47604
In the Router section you have VIRTUAL SERVERS.
Input Interface ppp0
IP address ANY (or if you wish specific public ip to answer to ftp request)
Local Port(source) for 21
Remote IP 192……..(your internal ftp server ip)
remote port(destination port on which you want your server to answer 21 for ftp)
this worked for me

February 16, 2009 at 4:40 pm #47605
Thanks a lot bbozo 😀 .
You are right, from the interface it works directly.
I didn’t know where to find the PREROUTING in Zeroshell.
Now, my FTP server is available from the outside.
Solution given just above (summary):
On the left, section ‘Network’, menu ‘Router’
At the top, select the tabbed panel named ‘Virtual Server’
and enter the redirection.
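An added example, not part of the original thread: it illustrates the second reply's point that a forwarded port 21 only carries FTP control messages, by extracting the separate data endpoint that each PORT command or 227 (PASV) reply announces. The function names, the sample transcript and the public address 203.0.113.10 are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 encodes a data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
_ENDPOINT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def data_endpoint(line):
    """Return (ip, port) announced by a PORT command or a 227 reply, else None."""
    line = line.strip()
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _ENDPOINT.search(line)
    if not m:
        return None
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        return None  # malformed endpoint, ignore it
    ip = ipaddress.IPv4Address(".".join(str(o) for o in octets[:4]))
    return ip, octets[4] * 256 + octets[5]

def audit(control_lines, public_ip):
    """List the data connections a NAT router has to deal with for one session."""
    public = ipaddress.IPv4Address(public_ip)
    findings = []
    for line in control_lines:
        ep = data_endpoint(line)
        if ep is None:
            continue
        ip, port = ep
        findings.append({
            "mode": "passive" if line.strip().startswith("227") else "active",
            "ip": str(ip),
            "port": port,
            # An RFC 1918 address inside the payload is unreachable from outside
            # unless something rewrites it to the router's public address.
            "needs_rewrite": ip != public and any(ip in n for n in _RFC1918),
        })
    return findings

# Constructed control-channel transcript (server behind NAT at 192.168.2.2)
SAMPLE = [
    "220 FTP server ready",
    "PASV",
    "227 Entering Passive Mode (192,168,2,2,195,80)",
    "PORT 198,51,100,7,4,1",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "203.0.113.10"):
        print(finding)
```

The passive entry shows a data port (50000) that no port-21 rule covers and a private address inside the payload, which is why the firewall has to track the control channel and accept the related connection.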