[ILUG-BOM] Regarding accessing public ip in lan

Ripunjay Bararia ripunjay at hns.net.in
Fri Oct 15 17:47:23 IST 2010

  On 08-10-2010 10:17, Dattatray Kamble wrote:
> Hi,
>      The setup is as follows --
> Internet --->     Proxy (Squid) ------>    FTP server
>                    eth0-192.y.y.y             192.y.y.y
>                    eth1-118.x.x.x
>        I have few public IP's.
>        I want to nat a public ip to FTP server. So that anyone can access FTP
> server from outside.
>        FTP configured with port no 1111 with listen_port=1111.
>        It is working fine --#ftp 192.y.y.y:1111
>        I want this should work with public ip & same port no.
> please help me out.
> Thanks
You can add the ADDITIONAL 118.x.x.3 (assuming 118.x.x.1 is your
gateway, and 118.x.x.2 is being used on your eth1), to an interface alias

# ifconfig eth1:1 118.x.x.3 netmask 255.255.255.x up

Then, from the internet, test if you can ping this new IP address; you can
telnet to route-server.gblx.net and then ping from there to test if the IP
address is reachable. If yes, then you can add the iptables dst nat rule
for your FTP server:

# iptables -t nat -A PREROUTING --dst ${PUBLIC-IP} -p tcp --dport ${LAN-HOST-PORT} -j DNAT --to-destination ${LAN-HOST-IP}

As this is a ftp server you might face problems so just to be sure add the following src-nat rule also

# iptables -t nat -A POSTROUTING ! -d ${LAN-HOST-IP} -j SNAT --to ${PUBLIC-IP}


${PUBLIC-IP} = 118.x.x.3
${LAN-HOST-IP} = 192.x.x.x (your ftp server's ip address)
${LAN-HOST-PORT} = 1111 (your ftp server's tcp port)

All the above commands are to be executed on the "Squid" machine, and the FTP server's default gateway _needs_ to be
the LAN IP of the "Squid" machine.

Hope this helps.

Ripunjay Bararia
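
The alias, DNAT and SNAT commands from the reply above, as an added example that is not part of the original post: a dry-run shell function that validates the values and prints the three commands for review instead of running them. The function names, argument order, sample addresses (documentation ranges) and sample netmask are assumptions made for this example; hyphenated names such as PUBLIC-IP are not valid shell variable names, so the values are passed as arguments.

```shell
#!/bin/sh
# Added example: dry-run generator for the alias + DNAT + SNAT commands.
# It only prints the commands; review them, then run them as root on the gateway.

# Return 0 if $1 is a dotted-quad IPv4 value with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 if $1 is a TCP port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: render_ftp_dnat PUBLIC_IP NETMASK LAN_HOST_IP LAN_HOST_PORT
render_ftp_dnat() {
    public_ip=$1 netmask=$2 lan_host_ip=$3 lan_host_port=$4
    for addr in "$public_ip" "$netmask" "$lan_host_ip"; do
        valid_ipv4 "$addr" || { echo "invalid IPv4 value: $addr" >&2; return 1; }
    done
    valid_port "$lan_host_port" || { echo "invalid port: $lan_host_port" >&2; return 1; }
    # Negation is written as '! -d', the form current iptables expects.
    cat <<EOF
ifconfig eth1:1 $public_ip netmask $netmask up
iptables -t nat -A PREROUTING --dst $public_ip -p tcp --dport $lan_host_port -j DNAT --to-destination $lan_host_ip
iptables -t nat -A POSTROUTING ! -d $lan_host_ip -j SNAT --to $public_ip
EOF
}

# Constructed sample values (documentation ranges), not the poster's real ones.
render_ftp_dnat 203.0.113.3 255.255.255.248 192.168.1.10 1111
```

A placeholder left unfilled, such as 118.x.x.3, is rejected before any command is printed.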

