Any ideas?

________________________________

From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx on behalf of Gary W. Smith
Sent: Tue 6/28/2005 10:06 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: FTP and IPSEC

This is a follow-up to a former problem, but unrelated.

I have two networks connected via IPSEC. On each side of the network I have client servers that have SNAT/DNAT to the internet. Everything seems to work well under IPSEC except ftp. Here is what I found.

From location A, a workstation without a static external IP address on the 10.0.10.x can FTP anywhere on the net without problems but CANNOT ftp to a machine at location B using its internal 10.0.50.x IP. This same workstation CAN ftp without restriction to its external alias for the same machine at location B using its external IP 199.199.199.x.

If I remove ip_nat_ftp and ip_conntrack_ftp it seems to work fine. But the problem is now that we cannot ftp externally from that location. Both locations have ip_nat_ftp loaded but it doesn't seem to matter.

When we had a pptp connection between the two locations we didn't have this problem. It only seems to happen with IPSEC.

Is there a workaround for this or is there a way to tell ip_nat_ftp to ignore a particular IP range?

Gary Smith