Re: Ftp, Iptables and masquerade
On Fri, 13 Jul 2001, fr ml wrote:
> I've tried to masquerade my private Lan from the outside,
> but I've got problems for ftp (port 21).
> At first, I've tried such a rule (where eth0 is private and
> eth1 public):
> iptables -t nat -A POSTROUTING -o eth1 -s private_lan
> -d 0.0.0.0/0 -p tcp -m state
> --state NEW,ESTABLISHED,RELATED -j MASQUERADE
> with no success, the packet send are quite masquerade, but
> the reply are still using the original non-masquerade ip
why do you not use the ftp modules ip_conntrack_ftp.o and ip_nat_ftp.o?
They come with the netfilter options in the kernel. Works fine.