[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables not so stateful

Eric Gaumer <gaumerel@titan.ecs.fullerton.edu> writes:

> Nevermind, I'm an idiot... I never knew the ip_nat_ftp module existed.
> Once I inserted this things started working with active FTP. 
>
> Man you can't believe how much time I spent fooling around with this. I
> just assumed active didn't work on a nat'ed gateway. 

Don't worry about it, I was confused about first time I ran it too. If I
remember correctly, ip_conntrack module gets loaded automatically when
you use state in your iptables rules, but the ip_nat_ftp doesn't and
have to be loaded manually (even though it should be obvious from your
rules that you are doing NAT).

-- 
John L. Fjellstad
web: http://www.fjellstad.org/          Quis custodiet ipsos custodes
Reply to: