Ale <mystic@xxxxxx> wrote:
> I can not make the FTP server work behind nat.

Is the nft machine a middlebox? Or is it running on the server?

> table ip nat {
>         chain prerouting {
>                 type filter hook prerouting priority 0; policy accept;
>         }
>
>         chain postrouting {
>                 type filter hook postrouting priority 100; policy accept;
>         }
> }

You need to add empty input/output nat chains as well, this is a
limitation that is only resolved in the to-be-released 4.18 kernel,
else locally originating traffic won't be handled correctly.

> With the same rule on iptables both working well.

iptables nat registers all hooks by default, that's the only difference
I can think of that might be at play here.
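
The empty input/output nat chains the reply asks for, written out as an added example that is not part of the original message. The chain names and priority values are assumptions (the priorities follow the usual destination-NAT and source-NAT values), and the fragment assumes the quoted `table ip nat` already exists, so loading it with `nft -f` adds the two chains to that table.

```nftables
# Added example: register the remaining two nat hooks so that locally
# originating traffic is handled on kernels before 4.18.
# Chain names "input"/"output" and the priorities are assumptions.
table ip nat {
        # Empty chain: registers the nat hook on the input path.
        chain input {
                type nat hook input priority 100; policy accept;
        }

        # Empty chain: registers the nat hook on the output path,
        # which is the one locally generated packets traverse.
        chain output {
                type nat hook output priority -100; policy accept;
        }
}
```

Running `nft list table ip nat` afterwards should show four chains, one per nat hook (prerouting, input, output, postrouting), which matches what the reply says iptables registers by default.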