On Wed, 28 May 2003, Justin wrote: >On Tue, 27 May 2003, Joe wrote: > > Justin Zygmont wrote: > > > > >I have setup iptables to do NAT and I was suprised that it still does > > >not appear to be doing stateful routing. When I ftp to a remote > > > system from a machine behind the firewall, 'ls' still wont show a > > > file listing, ICQ, etc, cannot recieve files. Here are my 2 lines > > > for masquerading: > > > > > >iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE > > >iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT > > > > > It's working fine here - > > > > Are the ip_conntrack_ftp and ip_nat_ftp > > modules loaded? > ahh, I didn't have ip_nat_ftp, now it does work. thanks! I was wondering where most people place "modprobe" statements so they start up during a reboot. Is /etc/rc.d/rc.local okay or is there a "better" place? What about the above iptables addition? The file /etc/sysconfig/iptables recommends against manual entry. Thanks, Frank
