Re: SNATTING FTP

Hi,

You have to accept RELATED packets in your FORWARD rule:

	iptables -I FORWARD -m state --state RELATED -j ACCEPT

should help.

On Tuesday, 03 May 2005 at 18:05 +0600, Metal Gear wrote:
> Hi,
> I wanted to do SNAT on FTP connections which are destined from my local
> network to outside network. I tried the SNAT for ssh and it was working with
> the following rule
>
> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -m state --state NEW -j SNAT --to 192.168.1.5
>
> I tried the following rules for FTP but it is not working
>
> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport ftp -m state --state NEW,ESTABLISHED,RELATED -j SNAT --to 192.168.1.5
>
> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -p tcp -m tcp --sport ftp-data -m state --state NEW,ESTABLISHED,RELATED -j SNAT --to 192.168.1.5
>
> Can someone assist me in this situation?
> Thanks
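
The advice above as a complete rule set, added here as an example that is not part of the original thread: FTP data connections only become RELATED when the conntrack FTP helper is tracking the control channel, and the RELATED accept can be limited to flows that helper expected. Assumptions: current module names and the `conntrack` match in place of `state`, no other FORWARD rules, and a hypothetical `RUN` variable that makes the script print the commands unless it is set to empty.

```shell
#!/bin/sh
# Added example, not from the thread. Dry-run by default: prints the commands.
# To apply them, run as root with RUN set to the empty string (RUN= sh script.sh).
RUN="${RUN-echo}"          # hypothetical switch introduced for this example
LAN="192.168.1.0/24"       # local network, from the thread
SNAT_TO="192.168.1.5"      # SNAT address, from the thread

ftp_snat_rules() {
    # Helpers that parse PORT/PASV on the control channel and register the
    # expected data connection, which is what makes it RELATED. On 2005-era
    # kernels the modules were named ip_conntrack_ftp and ip_nat_ftp.
    $RUN modprobe nf_conntrack_ftp
    $RUN modprobe nf_nat_ftp

    # Newer kernels do not attach helpers automatically: bind the ftp helper
    # explicitly to control connections coming from the LAN.
    $RUN iptables -t raw -A PREROUTING -s "$LAN" -p tcp --dport 21 -j CT --helper ftp

    # filter/FORWARD: new control connections from the LAN, then replies.
    $RUN iptables -A FORWARD -s "$LAN" -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
    $RUN iptables -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT

    # Accept RELATED only for data connections the ftp helper expected,
    # rather than every RELATED flow; ICMP errors are allowed separately.
    $RUN iptables -A FORWARD -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT
    $RUN iptables -A FORWARD -p icmp -m conntrack --ctstate RELATED -j ACCEPT

    # nat/POSTROUTING: one SNAT rule for the control channel is enough. The
    # nat table only sees the first packet of a connection, so matching
    # ESTABLISHED or RELATED there adds nothing; with the NAT helper loaded,
    # the data connection follows the control connection's mapping.
    $RUN iptables -t nat -A POSTROUTING -s "$LAN" -p tcp --dport 21 -j SNAT --to-source "$SNAT_TO"
}

ftp_snat_rules
```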



