On Sun, 19 Apr 2009 14:02:38 -0400
"D.H." <derrickdb1@×××××××.net> wrote:

> I'd like to set up an ftp proxy on my home firewall so I can scan for
> viruses using clamd. I found frox, which looks like it will do what
> I want. I've pretty much used the default install, which makes frox
> listen on 127.0.0.1:2121. But I'm not sure the firewall rules are
> working right.
>
> eth1 is the internal interface
>
> iptables -A FORWARD -p tcp -i eth1 --destination-port 2121 \
> --destination 127.0.0.1 -j ACCEPT
>
> iptables -t nat -A PREROUTING -p tcp -i eth1 --destination-port 21 \
> -j DNAT --to-destination 127.0.0.1:2121
>
> Either that, or frox itself is having issues. Any ideas? While I'm
> at it, is there an alternative to frox?
>

Hi,

I believe this scheme won't work because the "DNAT" target rewrites the
destination address in the IP packet headers. Therefore what frox
receives is a sequence of packets with destination set to its own
address. Try using the "REDIRECT" target, which is supposed to rewrite
the port fields only.

--
Best regards,
Daniel
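As an added example (not code from either poster), the REDIRECT variant of the rules above as a reviewable shell script, assuming eth1 as the LAN interface and frox on port 2121 as in the post. It also checks that frox's listening socket is reachable at all, because REDIRECT sends the packet to the primary address of the incoming interface rather than to 127.0.0.1, so a frox bound only to 127.0.0.1 would still never see the connection.

```shell
#!/bin/sh
# Added example, not code from the thread. Transparent FTP interception
# with REDIRECT instead of DNAT. Assumes (as in the original post) that
# eth1 is the LAN side and frox listens on port 2121.
LAN_IF=eth1
FROX_PORT=2121

# Emit the rules instead of applying them, so they can be reviewed and
# checked without root. Apply with:  sh this_script.sh | sh
frox_redirect_rules() {
    # Catch FTP control connections from LAN hosts and hand them to frox.
    # REDIRECT changes only the destination port; the destination address
    # becomes this host's own eth1 address, which the kernel accepts
    # (a packet from another host DNATed to 127.0.0.1 is dropped as a
    # martian destination by default).
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 21 -j REDIRECT --to-ports $FROX_PORT"
    # The redirected packet is delivered locally, so it traverses INPUT,
    # not FORWARD: the FORWARD rule from the post never matches it.
    echo "iptables -A INPUT -i $LAN_IF -p tcp --dport $FROX_PORT -j ACCEPT"
}

# Check a listening socket's "local address:port" field (as printed by
# 'ss -ltn' or 'netstat -ltn') to see whether REDIRECTed connections can
# reach it: right port, and not bound to loopback only.
listener_reachable() {
    addr=${1%:*}
    port=${1##*:}
    [ "$port" = "$FROX_PORT" ] || return 1
    case "$addr" in
        127.*) return 1 ;;  # loopback only; redirected packets never arrive here
        *)     return 0 ;;  # 0.0.0.0, '*' or the eth1 address itself
    esac
}

# Stand-alone run: print the rules, then audit a constructed listener line
# that mirrors the default frox configuration described in the post.
frox_redirect_rules
if listener_reachable "127.0.0.1:$FROX_PORT"; then
    echo "frox listener reachable"
else
    echo "frox is bound to loopback only; make it listen on the $LAN_IF address or 0.0.0.0" >&2
fi
```

Feed the real listener line from `ss -ltn` on the firewall to `listener_reachable` to confirm the frox side before blaming the rules.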