Linux – ProFTPd Server Behind Firewall Returns Internal IP Address

ftp iptables linux proftpd

I have 2 servers, one as gateway/router, the other one as server. I use iptables to port forward the following ports: 21, 20, 65500-65600. When I connect with FileZilla or Total Commander, the FTP client knows that 10.10.0.1 represents an internal IP address and switches to the external IP address. However, the NPPftp plugin from Notepad++ connects to the server, but when it switches to passive mode, it tries the internal IP address and freezes.

Output:

220 ProFTPD x.x.x Server [10.10.0.1]
-> USER www  
331 Password required for www
-> PASS *HIDDEN*
230 User www logged in
-> TYPE A  
200 Type set to A
-> MODE S  
200 Mode set to S
-> STRU F  
200 Structure set to F
-> PWD  
257 "/" is the current directory
Connected
-> CWD /  
250 CWD command successful
-> PASV  
227 Entering Passive Mode (10,10,0,1,255,222).
-> LIST -al  
Failure retrieving contents of directory /

Is there a way to return the external IP address for the passive ports from iptables?

Best Answer

From the doc http://www.proftpd.org/docs/howto/NAT.html, there is a MasqueradeAddress address to use, and you are to define the range of ports to allow (or use the conntrack_ftp module like MadHatter said).
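
To check what a server behind NAT actually advertises, the 227 reply can be parsed and compared with the address the client dialed. The Python below is an added example, not part of the original question or answer; the function names are hypothetical and 203.0.113.10 is a constructed placeholder for the gateway's external IP.

```python
import ipaddress
import re

# RFC 1918 ranges; checked explicitly because ipaddress.is_private also
# flags documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Six comma-separated numbers of a 227 reply: h1,h2,h3,h4,p1,p2 (RFC 959).
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_pasv(reply, control_peer, forwarded_ports):
    """control_peer: address the client used for the control connection.
    forwarded_ports: (low, high) passive range forwarded on the gateway."""
    ip, port = parse_pasv(reply)
    peer = ipaddress.ip_address(control_peer)
    low, high = forwarded_ports
    # Internal address handed to a client that connected from outside.
    leaks = is_rfc1918(ip) and not is_rfc1918(peer)
    # Fallback some clients apply: reuse the control-connection address.
    data_host = peer if leaks else ip
    return {
        "advertised": (str(ip), port),
        "leaks_internal_ip": leaks,
        "port_forwarded": low <= port <= high,
        "data_endpoint": (str(data_host), port),
    }


if __name__ == "__main__":
    # Reply taken from the session in the question; peer address is constructed.
    reply = "227 Entering Passive Mode (10,10,0,1,255,222)."
    print(check_pasv(reply, "203.0.113.10", (65500, 65600)))
```

Once the server advertises the external address, `leaks_internal_ip` is false and clients that do not apply the fallback can open the data connection.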