Please excuse my shallow networking knowledge.
I have the current setup: (IP-sec server) tunnelled to (External FTP server). I need to connect to the (External FTP server) through the (IP-sec server) using FTP CLI from any client. My question is: is there a way to forward the request from the (IP-sec server) to the (External FTP server) directly, without having to use FTP CLI on the (IP-sec server) itself?
I tried
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 21 -j DNAT --to-destination (External FTP server):21
on the (IP-sec server) but that did not work.
You also need to do NAT postrouting to source-NAT the traffic, so that it returns back to the same box you are doing the prerouting on.
iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 21 -d (externalFTPserverIP) -j SNAT --to-source ip-address-you-want-traffic-to-return-to
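The DNAT and SNAT rules from this thread, put together with the pieces a relay box usually also needs, as an added example that is not part of the original posts: IP forwarding, FORWARD accepts, and the FTP connection-tracking helper so data connections follow the control channel. All addresses are constructed documentation-range placeholders, and the variable and function names are hypothetical; the DNAT is limited to a known client range so the box does not relay port 21 for everyone.

```shell
#!/bin/sh
# Added example: generates the rule set for relaying FTP control traffic
# through the IPsec box. Every address is a constructed placeholder.
FTP_IP="${FTP_IP:-203.0.113.10}"        # external FTP server
LISTEN_IP="${LISTEN_IP:-198.51.100.1}"  # address on this box that clients connect to
SNAT_IP="${SNAT_IP:-192.0.2.1}"         # address the FTP server should reply to
CLIENTS="${CLIENTS:-198.51.100.0/24}"   # clients allowed to use the relay

is_ipv4() {
    # Shape check only (dotted quad, optional /prefix); its job is to keep
    # shell metacharacters out of the generated commands.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

ftp_relay_rules() {
    for a in "$FTP_IP" "$LISTEN_IP" "$SNAT_IP" "$CLIENTS"; do
        is_ipv4 "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    # raw/CT attaches the FTP helper explicitly; the RELATED accept then
    # lets the data connections the helper expects through FORWARD.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
iptables -t raw -A PREROUTING -s $CLIENTS -d $LISTEN_IP -p tcp --dport 21 -j CT --helper ftp
iptables -t nat -A PREROUTING -s $CLIENTS -d $LISTEN_IP -p tcp --dport 21 -j DNAT --to-destination $FTP_IP:21
iptables -t nat -A POSTROUTING -d $FTP_IP -p tcp --dport 21 -j SNAT --to-source $SNAT_IP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $CLIENTS -d $FTP_IP -p tcp --dport 21 -j ACCEPT
EOF
}

# Dry run by default so the rules can be reviewed; APPLY=1 runs them (needs root).
if [ "${APPLY:-0}" = "1" ]; then
    ftp_relay_rules | sh -e
else
    ftp_relay_rules
fi
```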