I dont think you looked at my configuration included in the message. I have those modules loaded (as you can see from my lsmod output) and I have ftp working on port 21 (which you can infer from my DNAT rule). I'm just not getting the conntrack to recognize the SYN for the passive connection to be RELATED. anyone else have a guess? Richard Simon Giant Killer Robots 361 Brannan St. San Francisco, CA 94107 (415) 777-2477 > -----Original Message----- > From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx > [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx]On Behalf Of ludi > Sent: Thursday, March 02, 2006 6:05 PM > To: netfilter@xxxxxxxxxxxxxxxxxxx > Subject: Re: Connection not recognized as RELATED > > > I had settled the problem last time,with help.:) > First of all, you must insmod ftp_conntrack(nat_ftp_conntrack....etc). > The module work for processing the ftp connection. > And then, you should bind ftp on 21port.The module only can track the > 21port by default.If you want to set other port,you must edit the > source. > You may setup your rule to allow the ftp pass. > Did your ftp work? > :) >
