Dear Guru
I do not know if this is the most appropriate place to send this.
If it is not, please send me some good directions.
I am trying to configure an FTP server behind two consecutive packet
filters:
Internet <---> Filter 1 <--> Filter 2 <--> FTP SERVER
At Filter 1 I have:
INET_IFACE=eth1
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -p TCP -d $STATIC_IP \
    --dport 21 -j DNAT --to-destination 192.168.20.2
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -p TCP -d $STATIC_IP \
    --dport 20 -j DNAT --to-destination 192.168.20.2
When I launch ftp at the client I can see the following output through the
inner Ethernet card (Filter 1 <--> Filter 2):
# tcpdump -e -p -n -i eth0 host 200.231.48.43
User level filter, protocol ALL, datagram packet socket
tcpdump: listening on eth0
11:50:39.261845 0:0:0:0:0:0 0:6:5b:28:62:b2 ip 74: 200.231.48.43.1291 > 192.168.20.2.ftp: S 1376590181:1376590181(0) win 5840 <mss 1460,nop,nop,timestamp 31629423 0,nop,wscale 0> (DF)
180 packets received by filter
# arp -an
? (200.231.48.97) at 00:60:1D:03:7F:41 [ether] on eth1
? (192.168.30.2) at 00:50:DA:27:5B:41 [ether] on eth0
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.30.0    0.0.0.0         255.255.255.252 U     0      0   0   eth0
192.168.20.0    192.168.30.2    255.255.255.0   UG    0      0   0   eth0
0.0.0.0         200.231.48.97   0.0.0.0         UG    0      0   0   eth1
As one can also see, the destination IP address was correctly changed but
the destination ethernet address is 0:0:0:0:0:0 !!
I can't see this packet going out from Filter 2 to FTP server.
Shouldn't this frame have the destination Ethernet address
00:50:DA:27:5B:41, which is the gateway for network 192.168.20.0??
What am I missing?
# uname -a
Linux gateway 2.4.10 #1 Wed Sep 26 17:52:16 BRT 2001 i686 unknown
Ethy H. Brito          /"\
InterNexo Ltda.        \ /  ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
+55 (12) 3941-6860      X
S.J.Campos - Brasil    / \