From mboxrd@z Thu Jan 1 00:00:00 1970
From: Tom van Leeuwen
Subject: Re: nat ftp helper bypass
Date: Tue, 08 Oct 2013 10:17:39 +0200
Message-ID: <5253BFA3.50206@saasplaza.com>
References: <5253B5E4.1050103@sterenborg.info>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To:
Sender: netfilter-owner@vger.kernel.org
List-ID:
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: Anand Raj Manickam, "Rob Sterenborg (lists)"
Cc: "netfilter@vger.kernel.org"

Unfortunately I don't know how to solve your problem using iptables.
Could you satisfy my curiosity and tell me why you want this? Maybe
there's another path to take.

Regards,
Tom

On 10/08/2013 09:42 AM, Anand Raj Manickam wrote:
> On Tue, Oct 8, 2013 at 1:06 PM, Rob Sterenborg (lists) wrote:
>> On 10/08/2013 07:46 AM, Anand Raj Manickam wrote:
>>> Is there a way to bypass nat ftp helper for a few connections and
>>> allow the rest of the FTP connections to NAT with the FTP helper
>>> module?
>>> The need is to NAT the FTP control and data connections without
>>> conntrack-helpers.
>>
>> See man iptables, specifically the raw table:
>>
>> raw:
>> This table is used mainly for configuring exemptions from connection
>> tracking in combination with the NOTRACK target. It registers at the
>> netfilter hooks with higher priority and is thus called before ip_conntrack,
>> or any other IP tables. It provides the following built-in chains:
>> PREROUTING (for packets arriving via any network interface) OUTPUT (for
>> packets generated by local processes)
>>
>>
>> --
>> Rob
>>
> Thanks for your response Rob.
>
> The setup is a router and I'm trying to SNAT so the choice I have is on
> FORWARD / POSTROUTING chain.
> I need connection tracking as I need to NAT the traffic without the
> nat ftp helper module.