Hi all I would like to ask you all a question on how to source nat (SNAT) an ftp connection. My network looks something like this. # 000 # 0 0 # 0 0 # 0 192.168.0.0 0 # 0 0 # 0 0 # 0 0 # 000 # | # | 0 0 0 # (165.168.1.1 – eth0) 0 0 # 0000000000000000 0 0 # 0 0 0 DMZ 0 # 0 devlab-fw-00 0 [172.20.1.1 – eth1]--0 172.20.0.0 0 # 0 0 0 0 # 0000000000000000 0 0 # 0 0 # 0 0 0 I have got the following nat rules in my iptables firewall $IPTABLES -t nat -A POSTROUTING -s $NET_DMZ -o eth0 \ -j SNAT --to-source 192.168.1.1 Everything seems to work fine, but ftp on the other hand is not working in active mode. The ftp helper is loaded (ip_conntrack_ftp, ip_nat_ftp). If I do a network scan I can see the connection coming to my machine, but the data connection witch is negotiated in the payload is not natted to the correct ip (192.168.1.1). This is suggesting to me that the ftp helper is not working. I am running a updated version of RedHat 9 current kernel is kernel-2.4.20-31.9. It will be appreciated if someone can help. Regards DevLab -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.5 - Release Date: 4/7/2005
