Hello,

adam wrote:
> I don't want to DNAT outgoing sftp and ftp connections. Exceptions
> work well with sftp but FTP of course not because it uses another data
> channel - in passive mode another outgoing connection from high port
> to high port. I don't think conntrack can track outgoing FTP protocol
> connections.

Of course it can, with the FTP conntrack helper nf_conntrack_ftp loaded. See also the RELATED state and the "helper" match in the iptables man page.
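The exemption described in the reply above, as an added example that is not part of the original thread: a shell function that emits an `iptables-restore` ruleset in which SFTP, the FTP control connection and the helper-tracked FTP data connections all bypass a DNAT rule. The function name, the catch-all DNAT rule, the chain choice and the target `192.0.2.10:3128` are assumptions constructed for illustration; the explicit `CT --helper ftp` rule is included for kernels where automatic helper assignment is disabled.

```shell
#!/bin/sh
# Added example (not from the thread): build a ruleset that keeps FTP/SFTP
# out of a DNAT rule by using the ftp conntrack helper and the RELATED state.
# Constructed assumptions: the DNAT rule, its target and the function name.

ftp_dnat_exempt_rules() {
    chain=${1:-PREROUTING}          # nat chain that holds the DNAT rule
    dnat_to=${2:-192.0.2.10:3128}   # placeholder DNAT target (constructed)
    case $chain in
        PREROUTING|OUTPUT) ;;       # only chains present in both raw and nat
        *) echo "unsupported nat chain: $chain" >&2; return 1 ;;
    esac
    cat <<EOF
*raw
# Attach the ftp helper to control connections explicitly, so tracking does
# not depend on automatic helper assignment being enabled.
-A $chain -p tcp --dport 21 -j CT --helper ftp
COMMIT
*nat
# Exceptions come before the DNAT rule; ACCEPT leaves the packet untranslated.
-A $chain -p tcp --dport 22 -j ACCEPT
-A $chain -p tcp --dport 21 -j ACCEPT
# Data connections expected by the ftp helper are RELATED to the control
# connection and match "-m helper", whatever high ports they use.
-A $chain -p tcp -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT
# Everything else is still redirected.
-A $chain -p tcp -j DNAT --to-destination $dnat_to
COMMIT
EOF
}

# Usage (as root, after "modprobe nf_conntrack_ftp"):
#   ftp_dnat_exempt_rules OUTPUT 192.0.2.10:3128 | iptables-restore --noflush
```

Rule order matters here: if the DNAT rule precedes the helper exemption, the data connection is translated before the exemption is ever evaluated.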