Hello, Klaus Ethgen a écrit : > > I recently played around a new FTP server on KVM host which is connected > via DNAT from the main host. > > Now I was thinking that the conntrac_ftp and nat_ftp module is the > correct one to configure it correct. But after several tests and finally > reading the source code of conntrac_ftp I find out that this bunch of > logic only match for a _client_ behind nat (SNAT) using active FTP. > > So am I right that there is no module out there that supports passive > FTP server behind DNAT? What is your kernel version ? IME, nf_conntrack_ftp and nf_nat_ftp handle both passive and active modes. Briefly looking at the code, I can see mentions of PASV (standard passive), EPSV (extended passive), PORT (standard port) and EPRT (extended port). Maybe the netfilter list is a better place to ask. -- To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
