[BUG] ip_nat_ftp fails for some ftp servers (fwd)
Sun, 7 Oct 2001 00:55:14 +0200 (CEST)
Only sent to the netfilter list.
---------- Forwarded message ----------
Date: Sat, 06 Oct 2001 23:18:53 +0200
From: Xuan Baldauf <firstname.lastname@example.org>
Subject: [BUG] ip_nat_ftp fails for some ftp servers
Hello, I'm currently trying to track down a bug where
active-ftp-masquerading sometimes fails and sometimes does
not fail. I initially assumed that the problem is
dependent on the ftp-client, client-OS or client-ip-address,
but all this does not seem to apply; it seems to depend on
the server, which is odd.
My network setup:
"local client machines with private ip addresses" - "linux
router" - "internet"
On the linux router, the module "ip_nat_ftp" is loaded.
There is a masquerading rule entered into the router:
#> iptables -t nat -L POSTROUTING
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all --- anywhere !192.168.0.0/22
When having such a setup, try to list the following ftp
directory using an ftp client in active mode:
It will fail (because ip_nat_ftp will not substitute the
ftp-"PORT" command). But accessing these directories will
I've captured the communication to both classes of
ftp-servers, but did not find any notable differences. The
"router" machine is running linux-2.4.11-pre3.
Can anybody confirm this with his|her own setup? Does
anybody know the reason for this bug?
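
Added example, not part of the original message: a check for the symptom described above, run over FTP control-channel lines captured on the router's external interface, that flags any PORT command still advertising an RFC 1918 address, meaning the NAT helper did not substitute it. The function names and the sample lines and addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 959: PORT h1,h2,h3,h4,p1,p2 (four address octets, then port high/low byte)
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)

# RFC 1918 ranges; a PORT argument in one of these is useless to a remote server.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_port(line):
    """Return (IPv4Address, port) for a well-formed PORT command, else None."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]


def format_port(addr, port):
    """Build the PORT command a NAT helper would emit for addr:port."""
    fields = str(addr).split(".") + [str(port >> 8), str(port & 0xFF)]
    return "PORT " + ",".join(fields)


def unrewritten_ports(lines):
    """Return (line, address, port) for PORT commands still carrying a private address."""
    hits = []
    for line in lines:
        parsed = parse_port(line)
        if parsed and any(parsed[0] in net for net in RFC1918):
            hits.append((line.strip(), parsed[0], parsed[1]))
    return hits


# Constructed sample: lines as they would appear on the external side of the router.
SAMPLE = [
    "USER anonymous\r\n",
    "PORT 192,168,0,10,4,1\r\n",     # not substituted: private client address leaked
    "PORT 203,0,113,5,195,80\r\n",   # substituted: router's (documentation-range) address
]

if __name__ == "__main__":
    for line, addr, port in unrewritten_ports(SAMPLE):
        print(f"not rewritten: {line!r} -> {addr}:{port}")
```

Running the same check on captures from a working and a failing server shows on which connections the substitution is skipped.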