Klaus Ethgen wrote:
>
> On Sat, 19 Feb 2011 at 17:35, Pascal Hambourg wrote:
>
>> IME, nf_conntrack_ftp and nf_nat_ftp handle both passive and active
>> modes. Briefly looking at the code, I can see mentions of PASV (standard
>> passive), EPSV (extended passive), PORT (standard port) and EPRT
>> (extended port).
>
> True, it looks after PORT, EPRT, and in the reply for 227 and 229. But
> false (as I understand the code) it registers only for active connections
> (coming from port 21 or any port that is configured by option, but that
> portlist is limited to 8 ports max).

Connections on port 21 are control connections. Port 21 is used neither
for active nor passive data connections.

> As I read the code there seems no way to find a PORT command in outgoing
> connections. But that has to be detected when DNAT is used.

What do you mean by "outgoing connections"? Besides, IIUC your problem
seems to be with passive mode, but PORT is used only for active mode.

>> Maybe the netfilter list is a better place to ask.
>
> Is there one? I just find this list and the -devel list but the latter
> seems not the right place for this problem.

The netfilter user mailing list is at netfilter@xxxxxxxxxxxxxxxx
However I guess the netfilter developer mailing list at
netfilter-devel@xxxxxxxxxxxxxxx is more appropriate to discuss
the code.
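The distinction drawn in the message above (PORT and EPRT announce an active-mode data endpoint, the 227 and 229 replies announce a passive-mode one, and all four travel on the control connection) can be shown with a small userspace parser. This is an added example, not part of the original message and not the kernel helper's code; the names ftp_expect and parse_hostport are hypothetical, and the sample lines are constructed.

```c
#include <stdio.h>
#include <string.h>

enum ftp_dir { FTP_NONE, FTP_ACTIVE, FTP_PASSIVE };

/* RFC 959 "h1,h2,h3,h4,p1,p2": four address bytes, then port high/low byte. */
static int parse_hostport(const char *s, char *addr, size_t n, unsigned *port)
{
    unsigned v[6];
    if (sscanf(s, "%u,%u,%u,%u,%u,%u", &v[0], &v[1], &v[2], &v[3], &v[4], &v[5]) != 6)
        return 0;
    for (int i = 0; i < 6; i++)
        if (v[i] > 255) return 0;
    snprintf(addr, n, "%u.%u.%u.%u", v[0], v[1], v[2], v[3]);
    *port = v[4] * 256 + v[5];
    return 1;
}

/* Classify one control-connection line; fill addr/port with the data endpoint. */
enum ftp_dir ftp_expect(const char *line, char *addr, size_t n, unsigned *port)
{
    const char *p;
    char host[64]; unsigned fam;
    addr[0] = '\0';
    *port = 0;
    if (!strncmp(line, "PORT ", 5))            /* client command, active mode */
        return parse_hostport(line + 5, addr, n, port) ? FTP_ACTIVE : FTP_NONE;
    if (!strncmp(line, "EPRT |", 6)) {         /* RFC 2428; only '|' delimiter handled */
        if (sscanf(line + 6, "%u|%63[^|]|%u|", &fam, host, port) != 3 || *port > 65535)
            return FTP_NONE;
        snprintf(addr, n, "%s", host);
        return FTP_ACTIVE;
    }
    if (!strncmp(line, "227 ", 4) && (p = strchr(line, '(')))   /* reply to PASV */
        return parse_hostport(p + 1, addr, n, port) ? FTP_PASSIVE : FTP_NONE;
    if (!strncmp(line, "229 ", 4) && (p = strchr(line, '(')))   /* reply to EPSV: port only */
        return sscanf(p + 1, "|||%u|", port) == 1 && *port <= 65535 ? FTP_PASSIVE : FTP_NONE;
    return FTP_NONE;
}

int main(void)
{
    /* Constructed sample control-connection lines (documentation addresses). */
    const char *s[] = { "PORT 192,0,2,10,195,80\r\n", "229 Entering Extended Passive Mode (|||6446|)\r\n" };
    char a[64]; unsigned port;
    for (int i = 0; i < 2; i++)
        printf("%d %s %u\n", ftp_expect(s[i], a, sizeof a, &port), a, port);
    return 0;
}
```

For a 229 reply the address stays empty, because the EPSV reply carries only a port and the data connection goes to the address the control connection already uses.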