On Tue, Oct 8, 2013 at 1:47 PM, Tom van Leeuwen <tom.van.leeuwen@xxxxxxxxxxxxx> wrote: > Unfortunately I don't know how to solve your problem using iptables. > Could you satisfy my curiosity and tell me why you want this? Maybe there's > another path to take. > This is a multi link scenario , where on a Passive FTP connection , The control connection goes on Link1 and Data Connection goes on Link2. If i remove the conntrack helpers (rmmod nf_nat_ftp & nf_conntrack_ftp) , the behaviour is fine. > Regards, > Tom > > > On 10/08/2013 09:42 AM, Anand Raj Manickam wrote: >> >> On Tue, Oct 8, 2013 at 1:06 PM, Rob Sterenborg (lists) >> <lists@xxxxxxxxxxxxxxx> wrote: >>> >>> On 10/08/2013 07:46 AM, Anand Raj Manickam wrote: >>>> >>>> Is there a way to bypass nat ftp helper for a few connections and >>>> allow the rest of the FTP connections to NAT with the FTP helper >>>> module ? >>>> The need is to NAT the FTP control and data connections without >>>> conntrack-helpers . >>> >>> >>> See man iptables, specifically the raw table: >>> >>> raw: >>> This table is used mainly for configuring exemptions from >>> connection >>> tracking in combination with the NOTRACK target. It registers at the >>> netfilter hooks with higher priority and is thus called before >>> ip_conntrack, >>> or any other IP tables. It provides the following built-in chains: >>> PREROUTING (for packets arriving via any network interface) OUTPUT (for >>> packets generated by local processes) >>> >>> >>> -- >>> Rob >>> >> Thanks for your response Rob. >> >> The setup is a router and I m tryin to SNAT so the choice i have is on >> FORWARD / POSTROUTING chain. >> I need connection tracking as i need to NAT the traffic without the >> nat ftp helper module . >> -- >> To unsubscribe from this list: send the line "unsubscribe netfilter" in >> the body of a message to majordomo@xxxxxxxxxxxxxxx >> More majordomo info at http://vger.kernel.org/majordomo-info.html > > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
