On Wed, Nov 21, 2018 at 04:37:25AM +0000, Jason Rippon wrote:
> Is there anything more you need from me?
> I have tested this with old Kernel releases, as well as Net-next and the FTP alg does not seem to respect the masquerade --to-ports option.
>
> e.g
> echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper
> iptables -t nat -I POSTROUTING -o enp0 -j MASQUERADE -p tcp --to-ports 20000-21000
> Send ftp (EPSV) query
>
> The control connection is changed from port 21 -> port 20001
> The data connection is changed from port 22912 -> port 54292

FTP data connection packets are adjusted via nf_nat_follow_master().
I don't see how a change to the helper function (that deals with
control traffic) can help us fix this.
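
A way to check for the symptom reported above, added here as an example and not part of the thread or of the kernel code: it reads `conntrack -L` style lines and lists source-NATed flows whose translated port falls outside the `--to-ports` range. The sample lines, addresses and function names are constructed for illustration; only the ports 22912, 54292 and 20001 and the range 20000-21000 come from the report.

```python
import re

# Constructed sample in `conntrack -L` format (documentation addresses).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=40110 dport=21 src=198.51.100.7 dst=203.0.113.2 sport=21 dport=20001 [ASSURED] mark=0 use=1
tcp      6 119 TIME_WAIT src=192.168.1.10 dst=198.51.100.7 sport=22912 dport=50321 src=198.51.100.7 dst=203.0.113.2 sport=50321 dport=54292 [ASSURED] mark=0 use=1
tcp      6 299 ESTABLISHED src=203.0.113.2 dst=198.51.100.9 sport=51000 dport=443 src=198.51.100.9 dst=203.0.113.2 sport=443 dport=51000 [ASSURED] mark=0 use=1
"""

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_flow(line):
    """Return (original, reply) tuple dicts for one conntrack line, or None."""
    fields = FIELD.findall(line)
    if len(fields) < 8:  # e.g. ICMP entries carry no port fields
        return None
    return dict(fields[:4]), dict(fields[4:8])


def out_of_range(text, lo, hi):
    """List (original_sport, translated_sport) for source-NATed flows whose
    translated source port is outside lo..hi."""
    hits = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        orig, reply = flow
        # With source NAT, the reply tuple's dst/dport hold the translated
        # source address/port; identical values mean no source NAT was applied.
        if (reply["dst"], reply["dport"]) == (orig["src"], orig["sport"]):
            continue
        nat_port = int(reply["dport"])
        if not lo <= nat_port <= hi:
            hits.append((int(orig["sport"]), nat_port))
    return hits


if __name__ == "__main__":
    for before, after in out_of_range(SAMPLE, 20000, 21000):
        print(f"source port {before} translated to {after}, outside 20000-21000")
```
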