netfilter-devel:

I test conntrack-tools using conntrack-tools-0.9.6, libnfnetlink-0.0.33, libnetfilter_conntrack-0.0.89 and linux-2.6.25.3. When I sync the ftp-control connection, everything is OK. The conntracks of the two PCs are (/proc/net/ip_conntrack):

tcp 6 431975 ESTABLISHED src=192.168.5.139 dst=10.0.2.2 sport=1360 dport=21 packets=10 bytes=592 src=10.0.2.2 dst=192.168.5.139 sport=21 dport=1360 packets=0 bytes=0 [ASSURED] mark=0 use=1 //node1

tcp 6 431996 ESTABLISHED src=192.168.5.139 dst=10.0.2.2 sport=1360 dport=21 packets=0 bytes=0 src=10.0.2.2 dst=192.168.5.139 sport=21 dport=1360 packets=5 bytes=374 [ASSURED] mark=0 use=1 //node2

But the ftp-data connection can't get through node2 if I add an iptables rule in node2:

iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

I don't understand why ftp-data can't be related to ftp-control. Anyone help, thanks!

Sincerely
Felix