Port 21 weirdness
Hi, I'm using Debian Linux and have just updated my version of APF to the current (I've not had this working full stop though). I've got a server on the machine that can only bind to 1024+ ports (it runs on Java), but I did previously have IPTables forwarding connections on certain ports to those internally.
For instance, here are my two commands:
iptables -A PREROUTING -t nat -p tcp -d 67.x.x.x --dport 443 -j DNAT --to 67.x.x.x:9100
iptables -A PREROUTING -t nat -p tcp -d 67.x.x.x --dport 21 -j DNAT --to 67.x.x.x:9102
For some reason, if I telnet to the box and connect on port 443 I get the result I expect from connecting on port 9100 (the 910x ports are also opened on the firewall), but if I connect on 21 it doesn't work.
If I leave out the additional rule for 21, connections can't be made. However, if I add the forwarding rule it just hangs before losing the connection. If I connect directly on 9102 the server returns exactly what I would expect.
Can anyone suggest anything that might explain why 21 is causing problems? Alternatively, any thoughts on ports that corporate gateways may enable (other than 443)? The server I'm using doesn't have HTTP tunneling support as yet, and I've had limited success when using port 443 and 21 before with firewalls that don't inspect the contents of packets (since the data bears no resemblance to HTTP or FTP traffic).
Thanks,
Paul