On Tue, Oct 8, 2013 at 1:06 PM, Rob Sterenborg (lists) <lists@xxxxxxxxxxxxxxx> wrote: > On 10/08/2013 07:46 AM, Anand Raj Manickam wrote: >> >> Is there a way to bypass nat ftp helper for a few connections and >> allow the rest of the FTP connections to NAT with the FTP helper >> module ? >> The need is to NAT the FTP control and data connections without >> conntrack-helpers . > > > See man iptables, specifically the raw table: > > raw: > This table is used mainly for configuring exemptions from connection > tracking in combination with the NOTRACK target. It registers at the > netfilter hooks with higher priority and is thus called before ip_conntrack, > or any other IP tables. It provides the following built-in chains: > PREROUTING (for packets arriving via any network interface) OUTPUT (for > packets generated by local processes) > > > -- > Rob > Thanks for your response Rob. The setup is a router and I m tryin to SNAT so the choice i have is on FORWARD / POSTROUTING chain. I need connection tracking as i need to NAT the traffic without the nat ftp helper module . -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
