On Tue, Jan 1, 2008, G.W. Haywood wrote: >Hi there, > >On Sat, 29 Dec 2007, John L. Magee wrote: > >> TCPDUMP analysis shows that the response from the server to the client >> telling it to go to passive mode on port x is retaining the INSIDE >> address of the server in the command packet and the client therefore >> tries to initiate the data connection directly to the inside address >> instead of the outside one. >> >> I do see all kinds of related commentary while googling but none that >> have any solutions for me. If ip_contrack_ftp and ip_nat_ftp are >> supposed to manage this, they are not. > >Does this help? > >http://securepoint.com/lists/html/NetFilter/2006-11/msg00209.html > >-- > >73, >Ged. >... No. It is similar but seems to be the reverse situation. For a server being accessed by a client with Passive FTP, should ip_nat_ftp alter the inside address to the outside address when sending the port for the passive data transfer? jlm - To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
