Rikard wrote regarding '[SLE] Iptables rule?' on Tue, Sep 07 at 09:01:
Hi all! Obscure ruleset problem...
(YES, I have RTFM on iptables and assorted firewalling, but I don't get it together anyways...)
Setup:
Firewall (dhcp)
   |
   +------DMZ (192.168.2.0/24)
   |
Internal (192.168.1.0/24)
[...]
How do I (and can I) write rules so specific ftp accounts (authenticated internal users) end up on 192.168.1.2 and my external clients end up on the DMZ server [...]
You can't do that with iptables, since you want to do something at the application level. If you had an ftp proxy, you could forward stuff around after the login stage, but you'd probably still have to do some custom programming to connect them to the right machine.

Probably easier would be to pick a different port on the outside machine, and forward that one to the regular ftp port on your internal machine. Then just tell the internal users to connect to a non-standard port when they initiate.

--Danny
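
The port forward suggested in the reply, as an added example that is not part of the original thread. The interface name eth0 and the alternate port 2121 are assumptions; 192.168.1.2 is the internal server from the question. It also assumes a kernel where conntrack helpers are attached explicitly with the CT target.

```shell
#!/bin/sh
# Added example: emits (does not apply) the iptables rules for forwarding a
# non-standard external port to the internal FTP server.
# Assumed values: eth0 as the external interface, 2121 as the alternate port.
# 192.168.1.2 is the internal server named in the question.

ftp_forward_rules() {
    ext_if=$1 ext_port=$2 int_host=$3

    # Reject anything that is not a plain port number in 1..65535.
    case $ext_port in
        ''|*[!0-9]*) echo "invalid port: $ext_port" >&2; return 1 ;;
    esac
    if [ "$ext_port" -lt 1 ] || [ "$ext_port" -gt 65535 ]; then
        echo "port out of range: $ext_port" >&2; return 1
    fi
    # Port 21 stays reserved for the forward to the DMZ server.
    if [ "$ext_port" -eq 21 ]; then
        echo "port 21 belongs to the DMZ server; pick another" >&2; return 1
    fi

    cat <<EOF
# Attach the FTP conntrack helper to the non-standard control port, so the
# PORT/PASV data connections are tracked (and NATed) as RELATED.
iptables -t raw -A PREROUTING -i $ext_if -p tcp --dport $ext_port -j CT --helper ftp
# Rewrite the destination: outside port $ext_port -> $int_host:21.
iptables -t nat -A PREROUTING -i $ext_if -p tcp --dport $ext_port -j DNAT --to-destination $int_host:21
# Allow the forwarded control connection (seen after DNAT, so --dport 21).
iptables -A FORWARD -i $ext_if -d $int_host -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# Allow replies and the helper-tracked data connections.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Print the rules for review before applying them as root.
ftp_forward_rules eth0 2121 192.168.1.2
```

The helper rule needs the nf_conntrack_ftp and nf_nat_ftp modules loaded. Without it the login on the alternate port works, but passive-mode data connections fail because the server advertises its internal address.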