On Thu, 28 Feb 2008, Jan Engelhardt wrote: > >> >> The 300 proto=6 line comes from conntrack -E --- but if nf_conntrack_ftp > >> >> does not parse streams to port 2121 by default, how could it have > >> >> set up the expectation? > >> > > >> > When NATing packets the helper lookup is repeated based > >> > on the final tuple. > >> > >> But the machine I am running conntrack -E and ftp from do not > >> see the NATting taking place higher up in the routing chain, do they? > > > >You had to load the nf_conntrack_ftp module on the client machine too. > >By which module parameters was it loaded? > > The module was certainly loaded, otherwise `conntrack -E` would > not have printed anything. > No parameters were specified, just `modprobe nf_conntrack_ftp`, > like I said. There is no way it should have analyzed port 2121 ftp. Any long forgotten nf_conntrack_ftp related option setting under /etc/modprobe.d/ or in /etc/modprobe.conf? Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
