Re: FTP-server on non-standard port behind DNAT, client behind SNAT

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Покотиленко Костик" <casper@meteor.dp.ua>
To: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Cc: netfilter@vger.kernel.org
Subject: Re: FTP-server on non-standard port behind DNAT, client behind SNAT
Date: Wed, 12 Nov 2008 11:09:06 +0200	[thread overview]
Message-ID: <1226480946.6370.1.camel@casper.meteor.dp.ua> (raw)
In-Reply-To: <4919D9E5.2090603@plouf.fr.eu.org>

В Вто, 11/11/2008 в 20:15 +0100, Pascal Hambourg пишет:
> Pokotilenko Kostik a écrit :
> > 
> > The server advertise the public address itself, it's proftpd with this
> > option:
> > <VirtualHost yyy.yyy.yyy.yyy>
> >   ...
> >   MasqueradeAddress xxx,xxx,xxx,xxx
> >   ...
> > </VirtualHost>
> > 
> > where yyy.yyy.yyy.yyy: privat IP.
> 
> Couldn't this disrupt the FTP connection tracking which expects to see 
> the private address ? This option should not be required, as ip_nat_ftp 
> is able to translate addresses in the control flow.

You are extremely right :) That was the case, removing MasqueradeAddress
made it work!

I was unable to find the information on how does conntrack_ftp/nat_ftp
work, otherwise I 
would found out the right way.

Thanks alot, you saved my time.

P.S. Sorry, previous post acidently went privat

-- 
Покотиленко Костик <casper@meteor.dp.ua>

next prev parent reply	other threads:[~2008-11-12  9:09 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-11-11 12:16 FTP-server on non-standard port behind DNAT, client behind SNAT Покотиленко Костик
2008-11-11 15:16 ` Pascal Hambourg
2008-11-11 15:54   ` Покотиленко Костик
2008-11-11 19:15     ` Pascal Hambourg
2008-11-12  9:09       ` Покотиленко Костик [this message]
2008-11-12 11:03         ` Pascal Hambourg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1226480946.6370.1.camel@casper.meteor.dp.ua \
    --to=casper@meteor.dp.ua \
    --cc=netfilter@vger.kernel.org \
    --cc=pascal.mail@plouf.fr.eu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.