Am 22.07.2010 09:35, schrieb Simon Horman: > From: Hannes Eder <heder@xxxxxxxxxx> > > Use nf_conntrack/nf_nat code to do the packet mangling and the TCP > sequence adjusting. The function 'ip_vs_skb_replace' is now dead > code, so it is removed. > > To SNAT FTP, use something like: > > % iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 \ >> --vport 21 -j SNAT --to-source 192.168.10.10 > > and for the data connections in passive mode: > > % iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 \ >> --vportctl 21 -j SNAT --to-source 192.168.10.10 > > using '-m state --state RELATED' would also works. > > Make sure the kernel modules ip_vs_ftp, nf_conntrack_ftp, and > nf_nat_ftp are loaded. > Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
