SNAT and DNAT ftp PORT and PASV cmds.

To: netfilter@lists.netfilter.org
Cc: debian-firewall@lists.debian.org
Subject: SNAT and DNAT ftp PORT and PASV cmds.
From: Mike Mestnik <cheako911@yahoo.com>
Date: Wed, 28 Apr 2004 23:11:36 -0700 (PDT)
Message-id: <[🔎] 20040429061136.29136.qmail@web11907.mail.yahoo.com>

On the debian-firewall list it was discussed that.  SNATed ftp using the
PASV cmd needed an outgoing rule.  Other than "state RELATED" when all
unmatched packets are DROPed.

I am wondering what is the current status of the ftp connection tracking
and ftp nat?  Can ipfilter handle SNAT and DNAT ftp for both the PORT and
PASV cmds?

Matrix  |  SNAT   |  DNAT   | NoNAT
PORT    |  ???    |  ???    | ????
PASV    |  ???    |  ???    | ????

Legend:
Yes, Connections are tracked.
Mangle, Connections are tracked and cmd is nated.
No, Connections are not tracked.

Your reply to debian-firewall@lists.debian.org is greatly appreciated.


	
		
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover

Reply to:

Prev by Date: Re: open ports with firehol
Next by Date: Re: Fwd: Re: Internet sharing only works for a few minutes. URGENT
Previous by thread: Re: open ports with firehol
Index(es):
- Date
- Thread