Re: FTP Connection State Tracking Issue


 



> Well, I thought the Connection Tracking
> and NAT Modules *for* FTP did

Please correct me if I am wrong.

You have 2 functions.

The first is the FTP NAT algorithm (kernel module ip_nat_ftp + iptables -t nat 
... rules).

The second is the connection tracking firewall, which also looks inside FTP 
control streams = kernel modules ip_conntrack and ip_conntrack_ftp + user 
space rules iptables -t filter (implicit table) -m state --state 
NEW/ESTABLISHED/RELATED... 

You get 4 combinations:
none used
NAT no firewall
no NAT and firewall
NAT and firewall

where "no firewall" translates into setting all built-in chains' policy to 
accept traffic (-t nat/filter/mangle 
PREROUTING/POSTROUTING/INPUT/OUTPUT/FORWARD -P ACCEPT) and having no 
additional REJECT/DROP rules.

PS: for NAT you can also use dumb NAT if it's 1:1 NAT. That's probably set 
up somehow with "ip route/rule whatever".
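
The four combinations from the message above, written out as a dry-run shell sketch; this is an added example and not part of the original post. The interface names eth0/eth1, the MASQUERADE rule and the restriction to forwarded traffic on a gateway are assumptions; the module names are the ones given in the post.

```shell
#!/bin/sh
# Added example, dry run only: prints the commands, executes nothing.
# Assumptions (not from the post): a gateway with eth0 outside and eth1
# inside, clients inside, FTP control port 21, MASQUERADE as the NAT rule.
WAN=eth0
LAN=eth1

# usage: ftp_ruleset <nat: yes|no> <firewall: yes|no>
ftp_ruleset() {
    nat=$1; fw=$2
    if [ "$fw" = yes ]; then
        # The FTP helper reads PORT/227 on the control stream and registers
        # the data connection as an expectation, so it matches as RELATED.
        echo "modprobe ip_conntrack_ftp"
        echo "iptables -P FORWARD DROP"
        echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
        echo "iptables -A FORWARD -i $LAN -o $WAN -p tcp --dport 21 -m state --state NEW -j ACCEPT"
    else
        # "No firewall" as defined in the post: ACCEPT policies, no DROP/REJECT.
        for chain in INPUT OUTPUT FORWARD; do
            echo "iptables -P $chain ACCEPT"
        done
    fi
    if [ "$nat" = yes ]; then
        # The NAT helper rewrites the address/port carried inside PORT/227.
        echo "modprobe ip_nat_ftp"
        echo "iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE"
    fi
}

# Print all four combinations in the order the post lists them.
for combo in "no no" "yes no" "no yes" "yes yes"; do
    set -- $combo
    echo "# NAT=$1 firewall=$2"
    ftp_ruleset "$1" "$2"
done
```

With the firewall enabled, only the control connection needs an explicit NEW rule; no port range has to be opened for FTP data connections, because they are admitted through RELATED.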



