On Thursday 2008-05-15 10:43, fenglg wrote:
>netfilter-devel:
>
> I test conntrack-tools using conntrack-tools-0.9.6, libnfnetlink-0.0.33, libnetfilter_conntrack-0.0.89 and linux-2.6.25.3.
> When I sync the ftp-control connection, everything is OK. The conntracks of the two PCs are (/proc/net/ip_conntrack):
> tcp 6 431975 ESTABLISHED src=192.168.5.139 dst=10.0.2.2 sport=1360 dport=21 packets=10 bytes=592 src=10.0.2.2 dst=192.168.5.139 sport=21 dport=1360 packets=0 bytes=0 [ASSURED] mark=0 use=1 //node1
>
> tcp 6 431996 ESTABLISHED src=192.168.5.139 dst=10.0.2.2 sport=1360 dport=21 packets=0 bytes=0 src=10.0.2.2 dst=192.168.5.139 sport=21 dport=1360 packets=5 bytes=374 [ASSURED] mark=0 use=1 //node2
>
> But the ftp-data connection can't get through node2 if I add this iptables rule on node2:
> iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> I don't understand why ftp-data can't be related to ftp-control.
>
> Anyone help, thanks!

modprobe nf_conntrack_ftp