Thanks for the reply. I fixed it by upgrading to a 4.15 kernel.

> -----Original Message-----
> From: Thomas Bätzler <t.baetzler@xxxxxxxxxx>
> Sent: Wednesday, 14 November 2018 08:17
> To: 'netfilter@xxxxxxxxxxxxxxx' <netfilter@xxxxxxxxxxxxxxx>
> Cc: Vink, Ronald <ronald.vink@xxxxxxxxxxxx>
> Subject: AW: cant get ftp forwarding working
>
> Vink, Ronald <ronald.vink@xxxxxxxxxxxx> asked:
>
> > I want to forward ftp traffic from outside to a server in a local network.
> > I am using active ftp connection.
> > It is working with a 3.5.4 kernel system, but not on a newer 4.9.59
>
> Starting with Linux 4.9, conntrack helper modules behave differently than
> before.
>
> The module needs to be loaded, of course, using "modprobe nf_conntrack_ftp"
> or something like this.
>
> Then you can activate the old behaviour using
> "sysctl -w net.netfilter.nf_conntrack_helper=1" or use the helper by adding
> a rule in the raw table like this:
>
> *raw
> :PREROUTING ACCEPT [764:66450]
> :OUTPUT ACCEPT [671:1021727]
> -A PREROUTING -p tcp -m tcp --dport 21 -j CT --helper ftp
> COMMIT
> *filter
> :INPUT DROP [22:2928]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [446:63567]
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
> COMMIT
>
> Best regards,
> i.A. Thomas Bätzler
> --
> BRINGE Informationstechnik GmbH
> Zur Seeplatte 12
> D-76228 Karlsruhe
> Germany
>
> Phone: +49 721 94246-0
> Phone: +49 171 5438457
> Fax: +49 721 94246-66
> Web: http://www.bringe.de/
>
> Managing Director: Dipl.-Ing. (FH) Martin Bringe
> VAT ID: DE812936645, HRB 108943 Mannheim
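
An added example, not part of either message above: a shell check that reads `iptables-save` output and reports whether the FTP conntrack helper is attached explicitly in the raw table (the `-j CT --helper ftp` rule from the quoted reply), relies on the `nf_conntrack_helper=1` sysctl, or is not assigned at all. The function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print every raw-table rule that attaches the ftp helper through the CT
# target. Reads iptables-save text on stdin; exit status 0 if one was found.
ftp_helper_rules() {
    awk '
        /^\*/ { table = substr($1, 2); next }    # "*raw" starts the raw table
        table == "raw" && /^-A / && /-j CT / && /--helper ftp( |$)/ {
            print; found = 1
        }
        END { exit !found }
    '
}

# $1 = value of net.netfilter.nf_conntrack_helper, ruleset on stdin.
# Prints: explicit | automatic | none
ftp_helper_mode() {
    if ftp_helper_rules >/dev/null; then
        echo explicit
    elif [ "$1" = "1" ]; then
        echo automatic
    else
        echo none
    fi
}

# Constructed sample 1: the ruleset from the quoted reply, counters zeroed.
SAMPLE_EXPLICIT='*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 21 -j CT --helper ftp
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
COMMIT'

# Constructed sample 2: same filter table, no raw-table helper rule.
SAMPLE_NO_RAW='*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_EXPLICIT" | ftp_helper_mode 0
printf '%s\n' "$SAMPLE_NO_RAW"   | ftp_helper_mode 0
```

On a live host the same check can be fed with `iptables-save | ftp_helper_mode "$(sysctl -n net.netfilter.nf_conntrack_helper)"`; a result of `none` means RELATED data connections for FTP will not be recognised.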