From: Malcolm Turnbull <malcolm.turnbull@crocus.co.uk>
To: Axel Heinrici <axel.foley-beverly-hills@gmx.de>
Cc: netfilter@lists.samba.org
Subject: Re: iptables : masq
Date: Fri, 14 Jun 2002 11:26:32 +0100 [thread overview]
Message-ID: <3D09C4D8.6070507@crocus.co.uk> (raw)
In-Reply-To: 200206141017.MAA04989@axpmgr.physik.rwth-aachen.de
Is that correct ?
Am I not the only one who thinks the instructions for NATing FTP
are V.contradictory ?
ps. This is NOT a flame I think IPTABLES is excellent...
My firewall did have :
modprobe ip_conntrack
modprobe ip_conntrack_ftp
This worked for some FTP connections but not for others..
I've now added :
modprobe ip_nat_ftp
to see if that helps.
Is their some clear documentation on FTP NAT somewhere ?
Axel Heinrici wrote:
>Hi
>On Thursday 13 June 2002 11:58, Payal wrote:
>
>
>>Hi,
>>As I said earlier I am using Mdk Linux 8.2 with kernel 2.4.18. I
>>am trying to shift from ipchains to iptables for a simple reson
>>that I cannot connect to one particular ftp site where
>>ip_masq_ftp was required in earlier versions of kernel. Now this
>>module is no longer available. So, I have to shift to iptables
>>since connecting to that site is really imp.
>>But I am having a problem. I read briefly NAT and iptables HOWTOs
>>and decided the rule,
>>iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>
>>My loaded modules by lsmod include,
>>ipt_MASQUERADE 1504 5 (autoclean)
>>iptable_mangle 2336 0 (autoclean) (unused)
>>iptable_nat 15988 1 (autoclean) [ipt_MASQUERADE]
>>ip_conntrack 15180 1 (autoclean) [ipt_MASQUERADE
>>iptable_nat] iptable_filter 1952 0 (autoclean)
>>ip_tables 11584 6 [ipt_MASQUERADE iptable_mangle
>>iptable_nat iptable_filter]
>>
>>
>
>You will also need the modules ip_conntrack_ftp.o ip_nat_ftp.o.
>Otherwise you will not succeed in doing active FTP.
>
>greetings
> Axel
>
>
--
Regards,
Malcolm Turnbull
IT Manager
Crocus.co.uk Ltd
01344 629661
07715 770523
http://www.crocus.co.uk/
next prev parent reply other threads:[~2002-06-14 10:26 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <200206131517.01195@.>
2002-06-13 10:20 ` iptables : masq Sathi
2002-06-13 13:25 ` Payal
2002-06-14 10:17 ` Axel Heinrici
2002-06-14 10:26 ` Malcolm Turnbull [this message]
2002-06-14 12:02 ` PayalR
2002-06-14 12:02 ` PayalR
2002-06-13 9:58 Payal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3D09C4D8.6070507@crocus.co.uk \
--to=malcolm.turnbull@crocus.co.uk \
--cc=axel.foley-beverly-hills@gmx.de \
--cc=netfilter@lists.samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox