Wasim: Put the following lines at the beginning of your script /sbin/insmod ip_conntrack_ftp /sbin/insmod ip_conntrack_ftp That is the path on my system. Do a which insmod to make sure that is right for your system. I am not running 8.0 on any of the systems I look after. Theoretically, the system should load them when they are all referenced. However, I specifically load all the ones I need in my firewall script. Also, see Rob's rule for related and established. Also, if you want people to be able to initiate FTP sessions from outside your network, you will also nee to allow new connections. Hope that helps. Stu............. -----Original Message----- From: netfilter-admin@lists.netfilter.org [mailto:netfilter-admin@lists.netfilter.org]On Behalf Of Wasim Bashir Sent: November 22, 2002 2:37 AM To: stewart.thompson; 'Bantam'; 'netfilter' Subject: RE: FTP Forwarding Hi, neither ip_nat_ftp and ip_conntrack_ftp are loaded, how do i load these ? I'm using redhat 8. Regards, Wasim -----Original Message----- From: netfilter-admin@lists.netfilter.org [mailto:netfilter-admin@lists.netfilter.org]On Behalf Of Stewart Thompson Sent: 22 November 2002 10:32 To: Bantam; netfilter Subject: RE: FTP Forwarding Wasim: If you do an lsmod, does it show that ip_nat_ftp and ip_conntrack_ftp are loaded? They are required to make ftp work through nat. Also what Linux Distro and Iptables are you using? Stu......... -----Original Message----- From: netfilter-admin@lists.netfilter.org [mailto:netfilter-admin@lists.netfilter.org]On Behalf Of Bantam Sent: November 22, 2002 2:08 AM To: netfilter Subject: FTP Forwarding Hi, I've been trying to forward port 21 to an ftp server on another machine, IP address 10.0.0.199. eth1 - external (connected to the net) eth0 - internal /sbin/iptables -A FORWARD -p tcp -i eth1 --dport 21 -j ACCEPT /sbin/iptables -A PREROUTING -t nat -p tcp -i eth1 --dport 21 -j DNAT --to 10.0.0.199:21 but can't get it to work.. any ideas ? Thanks Wasim
