Re: conntrack ftp fails to handle PORT (and PASV?) command when split over multiple TCP packets

Frank Bulk wrote:
> Can anyone confirm that iptables still behaves this way, and if so, code a
> fix so that no matter how many packets a PORT or PASV command is split over
> (in other words, no matter how small the client's MTU) iptables ACKs
> each packet received on the LAN side and the ALG properly reassembles the
> command and sends it out the WAN interface?

iptables is a packet filter, not an ALG.  You could add more state to the
helper, but it would be hard to get right, and I don't think it is worth
the effort.  Try using a userspace ftp proxy instead.  (e.g. I've used frox
with no problems.)
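To make the contrast in the reply concrete, here is an added illustration (not netfilter code, and not part of this thread) of the two approaches: a stateless check that looks at each TCP payload on its own, the way a helper without extra per-connection state would, and a per-connection line reassembler, which is what a userspace proxy gets for free because it reads the TCP stream. The FTP session bytes are constructed for the example; the PORT command is deliberately split across two segments to model a client with a small MTU.

```python
import re

# A complete FTP PORT command: six decimal octets (h1,h2,h3,h4,p1,p2), CRLF-terminated.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def parse_port(line: bytes):
    """Return (ip, port) for a complete PORT line, or None if the line is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if any(x > 255 for x in (h1, h2, h3, h4, p1, p2)):
        return None
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def per_packet_ports(segments):
    """Stateless inspection: each TCP payload is examined on its own.

    A PORT command split across two segments never appears whole in any
    single payload, so it is silently missed.
    """
    found = []
    for seg in segments:
        for line in seg.splitlines(keepends=True):
            r = parse_port(line)
            if r:
                found.append(r)
    return found


class StreamPortTracker:
    """Per-connection reassembly: buffer bytes until a CRLF-terminated line is complete."""

    MAX_LINE = 512  # bound on a partial line so the buffer cannot grow without limit

    def __init__(self):
        self.buf = b""
        self.ports = []

    def feed(self, payload: bytes):
        self.buf += payload
        while b"\r\n" in self.buf:
            line, _, self.buf = self.buf.partition(b"\r\n")
            r = parse_port(line + b"\r\n")
            if r:
                self.ports.append(r)
        if len(self.buf) > self.MAX_LINE:
            self.buf = b""  # oversized partial line: discard rather than keep growing
        return self.ports


def reassembled_ports(segments):
    """Feed every segment through one tracker and return all PORT commands seen."""
    tracker = StreamPortTracker()
    for seg in segments:
        tracker.feed(seg)
    return tracker.ports


# Constructed client-to-server control-channel payloads, one per TCP segment.
# The second PORT command is split by a small client MTU.
SEGMENTS = [
    b"USER anonymous\r\n",
    b"PORT 192,168,1,20,4,1\r\n",      # intact in a single segment: port 4*256+1 = 1025
    b"PORT 192,168,",                   # first half of a split command
    b"1,20,19,137\r\nLIST\r\n",         # second half: port 19*256+137 = 5001
]

if __name__ == "__main__":
    print("per-packet :", per_packet_ports(SEGMENTS))
    print("reassembled:", reassembled_ports(SEGMENTS))
```

The per-packet pass reports only the first PORT command; the reassembling tracker reports both. The extra state the reply mentions is exactly this per-connection buffer, plus the bookkeeping to keep it consistent with retransmissions and out-of-order segments, which is why pushing FTP through a userspace proxy is the simpler route.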
