I use this iptables config. It simply redirects connections on port 2121 to port 21 (used to run ftp as a user instead of root).
*nat
:PREROUTING ACCEPT [200:39210]
:INPUT ACCEPT [6:360]
:OUTPUT ACCEPT [21:1323]
:POSTROUTING ACCEPT [21:1323]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2121 -j DNAT --to-destination 192.168.0.2:21
COMMIT
# Completed on Sun Jan 24 19:17:55 2016
# Generated by iptables-save v1.4.20 on Sun Jan 24 19:17:55 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2996:188699]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2121 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -d 192.168.0.2/32 -i eth0 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Jan 24 19:17:55 2016
IPv4 forwarding is enabled. This config works perfectly on two virtual machines (one Slackware, one CentOS 6), but not on my host with Slackware. What can I check? I forgot: the FTP server is in a chroot.
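If 192.168.0.2 is a separate machine, the packet rewritten by the DNAT rule traverses FORWARD with destination port 21, not 2121, so the FORWARD rules must accept that post-NAT tuple. The following is an added example, not part of the original post, that checks this pairing offline from `iptables-save` text; the function names and the simplified matcher (only `-i`, `-p`, `-d`, `--dport` and `--state` are evaluated) are assumptions of the example.

```python
import ipaddress
import shlex

# Constructed sample: the DNAT rule and FORWARD rules from the post, counters zeroed.
SAMPLE = """*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2121 -j DNAT --to-destination 192.168.0.2:21
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.0.2/32 -i eth0 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse(text):
    """Return (rules, policies) keyed by (table, chain); '!' negation and port ranges are not modelled."""
    rules, policy, table = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, pol = line[1:].split()[:2]
            policy[(table, chain)] = pol
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {a: b for a, b in zip(tok[2:], tok[3:]) if a.startswith("-")}
            rules.setdefault((table, tok[1]), []).append(opts)
    return rules, policy

def forward_verdict(text, dnat):
    """First-match FORWARD verdict for the first (NEW) packet rewritten by one DNAT rule."""
    rules, policy = parse(text)
    ip, _, port = dnat["--to-destination"].partition(":")
    port = port or dnat.get("--dport")  # no port in the target: original port is kept
    for f in rules.get(("filter", "FORWARD"), []):
        dst_ok = "-d" not in f or ipaddress.ip_address(ip) in ipaddress.ip_network(f["-d"], strict=False)
        new_ok = "--state" not in f or "NEW" in f["--state"].split(",")
        same = all(f.get(k, v) == v for k, v in (("-i", dnat.get("-i")), ("-p", dnat.get("-p")), ("--dport", port)))
        if dst_ok and new_ok and same:
            return f.get("-j")
    return policy.get(("filter", "FORWARD"), "ACCEPT")  # nothing matched: chain policy applies

def check_dnat(text):
    """Map each DNAT destination in nat/PREROUTING to the FORWARD verdict its traffic would get."""
    rules, _ = parse(text)
    return {d["--to-destination"]: forward_verdict(text, d)
            for d in rules.get(("nat", "PREROUTING"), []) if d.get("-j") == "DNAT"}
```

Feeding it the output of `iptables-save` from the machine that misbehaves shows whether the ruleset itself differs from the working one before looking at the FTP daemon or the chroot.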
Solution finally found. The FTP server is in a chroot, and it is pure-ftpd. This line
doesn't work in the chroot, but works outside the chroot.
This line
works perfectly in the chroot.
I use this firewall script