This is a better subject description than the previous one. Same configuration. TCPDUMP analysis shows that the response from the server to the client telling it to go to passive mode on port x is retaining the INSIDE address of the server in the command packet and the client therefore tries to initiate the data connection directly to the inside address instead of the outside one. I do see all kinds of related commentary while googling but none that have any solutions for me. If ip_contrack_ftp and ip_nat_ftp are supposed to manage this, they are not. Any assistance would be greatly appreciated. John L Magee - To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
