From: Pascal Hambourg <pascal@plouf.fr.eu.org>
To: Bruno de Paula Larini <bruno.larini@riosoft.com.br>
Cc: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Subject: Re: Losing connection between nat and filter tables
Date: Tue, 13 May 2014 00:40:49 +0200
Message-ID: <53714DF1.70407@plouf.fr.eu.org>
In-Reply-To: <5370CAA5.1010805@riosoft.com.br>

Bruno de Paula Larini wrote:
> Yes, the two interfaces are in the same network, but it's a limitation
> that our ISP imposes on us, as we have a limited range of public IPs in
> only one /28 subnet. The objective of this "messy" configuration is that
> two different groups of users have access to different FTP sites without
> having to set a non-default port.
But why did you connect two interfaces to the same network? If you need
two public IP addresses on the box, couldn't you just assign them to the
same interface?
> Would you do that in a different way?
If possible, I would assign the two public IP addresses to the same
interface. And I would also assign two private addresses to the
(interface of the) final server. Then I would set up two FTP server
instances to listen on one different private address and port 21 each,
and DNAT each public IP address to the corresponding private address.
This way you would not need to mangle the FTP ports.
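
The layout suggested in this message, sketched as an added example that is not part of the original e-mail or the thread: a script that emits iptables-restore input mapping each public address to its own private address on port 21. The interface name, all addresses, the filter-table rules and the explicit helper rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Addresses are constructed placeholders (RFC 5737 / RFC 1918)
# and eth0 is an assumed interface name; none of them come from the thread.
WAN_IF="eth0"   # the single outside interface carrying both public IPs

# One "public_ip private_ip" pair per FTP server instance (constructed).
MAPPINGS="203.0.113.2 192.168.10.21
203.0.113.3 192.168.10.22"

is_ipv4() {
    # True only for a dotted quad whose octets are all 0..255.
    [ -n "$1" ] || return 1
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

emit_rules() {
    # $1 = outside interface, $2 = mapping list. Prints iptables-restore
    # input on stdout; returns non-zero without output on a bad mapping.
    nat="" filter=""
    while read -r pub priv; do
        [ -z "$pub" ] && continue
        is_ipv4 "$pub" && is_ipv4 "$priv" ||
            { echo "bad mapping: $pub $priv" >&2; return 1; }
        # Both instances listen on port 21, so only the address is rewritten.
        nat="${nat}-A PREROUTING -i $1 -d $pub -p tcp --dport 21 -j DNAT --to-destination $priv
"
        # filter/FORWARD sees the packet after DNAT: match the private address.
        filter="${filter}-A FORWARD -i $1 -d $priv -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
"
    done <<EOF
$2
EOF
    # Port 21 is the FTP helper's default port; newer kernels need it
    # attached explicitly, which the raw-table CT rule does.
    printf '*raw\n-A PREROUTING -i %s -p tcp --dport 21 -j CT --helper ftp\nCOMMIT\n' "$1"
    printf '*nat\n%sCOMMIT\n' "$nat"
    printf '*filter\n-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n%sCOMMIT\n' "$filter"
}

emit_rules "$WAN_IF" "$MAPPINGS"
```

The output can be checked with `iptables-restore --test` before loading; loading it without `--noflush` replaces the existing contents of the raw, nat and filter tables.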