> I wanted to do SNAT on FTP connections which are destined from my local
> network to outside network. I tried the SNAT for ssh and it was working with
> the following rule
>
> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -m state --state NEW -j SNAT --to 192.168.1.5
>
> I tried the following rules for FTP but it is not working
>
> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport ftp -m state --state NEW,ESTABLISHED,RELATED -j SNAT --to 192.168.1.5
>
> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -p tcp -m tcp --sport ftp-data -m state --state NEW,ESTABLISHED,RELATED -j SNAT --to 192.168.1.5

modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

$IPT -A FORWARD -m state --state RELATED,ESTABLISHED \
  -j ACCEPT

# This will handle ftp-data (port 20) as well because
# it is related to ftp (port 21).
$IPT -A FORWARD -s 192.168.1.0/24 -p tcp --dport 21 \
  -j ACCEPT

$IPT -t nat -A POSTROUTING -s 192.168.1.0/24 -p tcp \
  --dport 21 -j SNAT --to <ext-ip>

If 192.168.1.0/24 is your internal network, then 192.168.1.5 is an
internal IP too. If you want to use ftp from your internal to an
external network then your SNAT ip would have an external IP, not
192.168.1.5 which is internal.

My guess is to replace 192.168.1.5 with an IP that is not in
192.168.1.0/24 (or you made a typo?).

Gr,
Rob
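The check suggested in the reply above (is the --to address inside the network being translated?) can be scripted before a rule is loaded. This is an added example, not part of the original thread; the function names are hypothetical and 203.0.113.10 is a constructed documentation address standing in for the external IP.

```shell
#!/bin/sh
# Added example: flag a SNAT rule whose --to address lies inside its own
# source network, as in the 192.168.1.0/24 -> 192.168.1.5 rule discussed above.

# Print a dotted-quad IPv4 address as an integer; status 1 if malformed.
ip_to_int() (
    case "$1" in *.) exit 1 ;; esac          # reject a trailing dot
    IFS=.
    set -f
    set -- $1                                 # split into octets
    [ "$#" -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        # reject empty, non-numeric, leading-zero and over-long octets
        case "$o" in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
)

# Status 0 if IP ($1) is inside NET/PREFIX ($2), 1 if outside, 2 on bad input.
ip_in_cidr() (
    case "$2" in */*) ;; *) exit 2 ;; esac
    ip=$(ip_to_int "$1") || exit 2
    net=$(ip_to_int "${2%/*}") || exit 2
    bits=${2#*/}
    case "$bits" in ''|*[!0-9]*|0?*|???*) exit 2 ;; esac
    [ "$bits" -le 32 ] || exit 2
    size=$(( 1 << (32 - bits) ))              # addresses per block of this size
    [ $(( ip / size )) -eq $(( net / size )) ] && exit 0
    exit 1
)

# check_snat SOURCE_NET SNAT_ADDR: status 0 = plausible, 1 = suspect, 2 = error.
check_snat() (
    rc=0
    ip_in_cidr "$2" "$1" || rc=$?
    case "$rc" in
        0) echo "suspect: --to $2 is inside source network $1"; exit 1 ;;
        1) echo "ok: --to $2 is outside source network $1"; exit 0 ;;
        *) echo "error: cannot parse '$1' or '$2'"; exit 2 ;;
    esac
)

check_snat 192.168.1.0/24 192.168.1.5 || true      # the rule from the question
check_snat 192.168.1.0/24 203.0.113.10 || true     # constructed external address
```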