> $IPTABLES -t mangle -A PREROUTING -p tcp --dport 21 -s 192.x.y.a -j ACCEPT
> $IPTABLES -t mangle -A FORWARD -p tcp --dport 21 -s 192.x.y.a -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -t nat -A POSTROUTING -s 192.x.y.a -p tcp --dport 21 -j SNAT --to-source 194.160.1.1
>

First thing to bear in mind: The mangle table is purely for packet manipulation actions and should not be used for filtering. Move the two accept rules into the filter table (just omit the -t mangle parameter).

Port 21 is only the ftp control port - data uses port 20.

If you have the ftp helper try

$IPTABLES -t nat -A POSTROUTING -s 192.x.y.a -m helper --helper ftp -j SNAT --to-source 194.160.1.1

-- 
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery
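The advice in the reply above, as an added example that is not part of the original post: a small shell lint that flags ACCEPT/DROP verdicts placed in the mangle table and names the filter-table chain to use instead. The function names and the one-rule-per-line input format are assumptions; the sample input is the three rules quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): find filtering verdicts in the mangle
# table. Input is one iptables command per line, as written in the post.

lint_mangle_verdicts() {
    awk '
    {
        # iptables uses the filter table when no -t option is given.
        table = "filter"; chain = ""; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-t") table = $(i + 1)
            if ($i == "-A" || $i == "-I") chain = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        # Only ACCEPT/DROP inside mangle are of interest here.
        if (table != "mangle" || (target != "ACCEPT" && target != "DROP")) next
        # The filter table has only INPUT, FORWARD and OUTPUT, so a rule on
        # PREROUTING or POSTROUTING needs a different chain, not just a
        # different table.
        fix = (chain ~ /^(INPUT|FORWARD|OUTPUT)$/) \
            ? "move to filter " chain \
            : "filter has no " chain " chain; use FORWARD (routed) or INPUT (local)"
        printf "line %d: %s in mangle %s: %s\n", NR, target, chain, fix
    }'
}

# Constructed sample: the three rules quoted in the thread, one per line.
sample_rules() {
    cat <<'EOF'
$IPTABLES -t mangle -A PREROUTING -p tcp --dport 21 -s 192.x.y.a -j ACCEPT
$IPTABLES -t mangle -A FORWARD -p tcp --dport 21 -s 192.x.y.a -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 192.x.y.a -p tcp --dport 21 -j SNAT --to-source 194.160.1.1
EOF
}

# Number of findings in the sample, for scripted checks.
count_findings() {
    sample_rules | lint_mangle_verdicts | wc -l | tr -d ' '
}

sample_rules | lint_mangle_verdicts
```

To check a real script, pipe its rule lines into `lint_mangle_verdicts` instead of `sample_rules`.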