hello, I had the same problem.. but it was a DNS problem. Most FTP servers do a reverse lookup of your IP address and if that fails it takes a while. Robert > Everything seems to work fine except FTP via NAT. > The interfaces that are not natted handle ftp normally. > When I do ftp from inside where the connection goes thru nat, I get an > instant establisment of connection,syn,ack,syn-ack followed by a 30 > second wait...then all works normally from that point. This 30 second > delay is constant with each new ftp connection. I have tried about > everything in the iptables script. > Passive ftp does the same thing. > All the other protocols seem okay including IRC. > I am running RedHat kernel 2.4.18-24.7.x i686, iptables version 1.2.5, > all the latest RedHat updates. > I have loaded: > ip_conntrack > ip_conntrack_ftp > ip_conntrack_irc > ip_table_nat > ip_nat_ftp > ip_nat_irc > ipt_state > ipt_limit > ipt_REJECT > ipt_LOG > ipt_unclean > ipt_mac > iptable_filter > iptable_mangle > iptable_nat > Should the ftp connection show up in /proc/net/ip_conntrack ? It does > NOT show in there. > Is there a problem with the ipt_nat_ftp module?
