BTW,I think you should use the module----ip_nat_ftp.o On 3/3/06, Richard Simon <rlsimon@xxxxxxxxxxxxxx> wrote:> I dont think you looked at my configuration included in the message.> I have those modules loaded (as you can see from my lsmod output) and I have ftp working on port 21 (which you can infer from my DNAT rule).> I'm just not getting the conntrack to recognize the SYN for the passive connection to be RELATED.>> anyone else have a guess?>> Richard Simon> Giant Killer Robots> 361 Brannan St.> San Francisco, CA 94107> (415) 777-2477>>> > -----Original Message-----> > From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx> > [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx]On Behalf Of ludi> > Sent: Thursday, March 02, 2006 6:05 PM> > To: netfilter@xxxxxxxxxxxxxxxxxxx> > Subject: Re: Connection not recognized as RELATED> >> >> > I had settled the problem last time,with help.:)> > First of all, you must insmod ftp_conntrack(nat_ftp_conntrack....etc).> > The module work for processing the ftp connection.> > And then, you should bind ftp on 21port.The module only can track the> > 21port by default.If you want to set other port,you must edit the> > source.> > You may setup your rule to allow the ftp pass.> > Did your ftp work?> > :)> >>
