Probably something simple again: I am battling with outbound active FTP
connections from my firewall directly, i.e. not routed.
I have the following in the raw table:
-A PREROUTING -p tcp -m tcp --dport 21 -j CT --helper ftp
-A OUTPUT -p tcp -m tcp --dport 21 -j CT --helper ftp
When connecting with ftp:
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
425 Unable to build data connection: Connection refused
ftp> passive
Passive mode on.
ftp> ls
450 LIST: Connection refused
Passive mode refused.
ftp> quit
Modules loaded:
nf_log_ipv4 16384 12
nf_log_common 16384 1 nf_log_ipv4
nf_reject_ipv4 16384 1 ipt_REJECT
nf_conntrack_pptp 16384 1
nf_conntrack_proto_gre 16384 1 nf_conntrack_pptp
nf_conntrack_ftp 20480 2
nf_nat_masquerade_ipv4 16384 1 ipt_MASQUERADE
nf_conntrack_ipv4 16384 28
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
nf_nat_ipv4 16384 1 iptable_nat
nf_nat 28672 3 xt_nat,nf_nat_masquerade_ipv4,nf_nat_ipv4
nf_conntrack 114688 9 nf_conntrack_ftp,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_proto_gre,xt_CT,nf_nat_masquerade_ipv4,xt_conntrack,nf_nat_ipv4,nf_nat
--
Thank you,
Mark Adrian Coetser
mark@xxxxxxxxxxxx
We are anthill men upon an anthill world.
-- Ray Bradbury