Bruno de Paula Larini wrote:
> yes, the two interfaces are in the same network, but it's a limitation
> that our ISP imposes on us, as we have a limited range of public IPs in
> only one /28 subnet. The objective of this "messy" configuration is that
> two different groups of users have access to different FTP sites without
> having to set a non-default port.

But why did you connect two interfaces to the same network? If you need two public IP addresses on the box, couldn't you just assign them to the same interface?

> Would you do that in a different way?

If possible, I would assign the two public IP addresses to the same interface. And I would also assign two private addresses to the (interface of the) final server. Then I would set up two FTP server instances to listen on one different private address and port 21 each, and DNAT each public IP address to the corresponding private address. This way you would not need to mangle the FTP ports.
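The layout suggested in the reply above, as an added example that is not part of the original message: a dry-run script that prints the address assignments and a one-DNAT-per-public-address ruleset with FTP left on port 21. The interface name, all addresses, and the use of the conntrack FTP helper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Interface name and all addresses are
# constructed placeholders (documentation/private ranges).
WAN_IF="eth0"
# One "public:private" pair per FTP site; both publics live on WAN_IF.
MAPPINGS="203.0.113.2:192.168.10.21 203.0.113.3:192.168.10.22"

# Succeeds only if the mapping is one-to-one: each FTP instance must listen
# on its own private address, and each public address may be used once.
check_mappings() {
    dup_pub=$(for m in $MAPPINGS; do echo "${m%%:*}"; done | sort | uniq -d)
    dup_priv=$(for m in $MAPPINGS; do echo "${m##*:}"; done | sort | uniq -d)
    [ -z "$dup_pub" ] && [ -z "$dup_priv" ]
}

# Commands that put every public address on the single external interface.
gen_addr_cmds() {
    for m in $MAPPINGS; do
        echo "ip addr add ${m%%:*}/28 dev $WAN_IF"
    done
}

# Ruleset in iptables-restore format: FTP stays on port 21 for every site.
gen_nat_rules() {
    # Assumption: nf_conntrack_ftp/nf_nat_ftp are available; on kernels
    # without automatic helper assignment the control connection is tagged
    # explicitly so data connections follow the same DNAT.
    echo "*raw"
    echo "-A PREROUTING -i $WAN_IF -p tcp --dport 21 -j CT --helper ftp"
    echo "COMMIT"
    echo "*nat"
    for m in $MAPPINGS; do
        echo "-A PREROUTING -i $WAN_IF -d ${m%%:*} -p tcp --dport 21 -j DNAT --to-destination ${m##*:}"
    done
    echo "COMMIT"
}

# Dry run: print what would be applied; nothing is changed on the host.
if check_mappings; then
    gen_addr_cmds
    gen_nat_rules
else
    echo "mapping is not one-to-one" >&2
fi
```

The output of `gen_nat_rules` can be reviewed and then loaded with `iptables-restore --noflush`; the two FTP instances on the server still have to be bound to their respective private addresses.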