toml <toml@xxxxxxx> wrote: > Am Montag, dem 31.07.2023 um 15:36 +0200 schrieb Florian Westphal: > > You need to assign the helper to use in your nftables ruleset. > > > > > You might need to do this from output too if you need > > this to work from the machine itself as well. > > That is my test rule. My Server is both, FTP-Server (Web-Cams) and FTP- > Client for various uploads. > > If I understand correctly, incoming packets (as FTP-Server) will first > activate the helper in prerouting. The input rules then allow the > control channel port 21 and the helper the (related) data channel port > n. > > For outgoing packets (as FTP-Client) first the helper is activated in > the output chain, then port 21 is allowed again, the helper handles the > related data channel. > > Have I understood this correctly? Sounds about right, helper assignment looks correct to me.
