iptables : masq
Malcolm Turnbull
malcolm.turnbull@crocus.co.uk
Fri, 14 Jun 2002 11:26:32 +0100
Is that correct ?
Am I not the only one who thinks the instructions for NATing FTP
are V.contradictory ?
ps. This is NOT a flame I think IPTABLES is excellent...
My firewall did have :
modprobe ip_conntrack
modprobe ip_conntrack_ftp
This worked for some FTP connections but not for others..
I've now added :
modprobe ip_nat_ftp
to see if that helps.
Is there some clear documentation on FTP NAT somewhere ?
Axel Heinrici wrote:
>Hi
>On Thursday 13 June 2002 11:58, Payal wrote:
>
>
>>Hi,
>>As I said earlier I am using Mdk Linux 8.2 with kernel 2.4.18. I
>>am trying to shift from ipchains to iptables for a simple reason
>>that I cannot connect to one particular ftp site where
>>ip_masq_ftp was required in earlier versions of kernel. Now this
>>module is no longer available. So, I have to shift to iptables
>>since connecting to that site is really imp.
>>But I am having a problem. I read briefly NAT and iptables HOWTOs
>>and decided the rule,
>>iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>
>>My loaded modules by lsmod include,
>>ipt_MASQUERADE 1504 5 (autoclean)
>>iptable_mangle 2336 0 (autoclean) (unused)
>>iptable_nat 15988 1 (autoclean) [ipt_MASQUERADE]
>>ip_conntrack 15180 1 (autoclean) [ipt_MASQUERADE iptable_nat]
>>iptable_filter 1952 0 (autoclean)
>>ip_tables 11584 6 [ipt_MASQUERADE iptable_mangle iptable_nat iptable_filter]
>>
>>
>
>You will also need the modules ip_conntrack_ftp.o ip_nat_ftp.o.
>Otherwise you will not succeed in doing active FTP.
>
>greetings
> Axel
>
>
--
Regards,
Malcolm Turnbull
IT Manager
Crocus.co.uk Ltd
01344 629661
07715 770523
http://www.crocus.co.uk/
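
Background for the module advice in the quoted reply, as an added example that is not part of the original thread or of the netfilter code: in active FTP the client announces its own address and data port inside the control channel (`PORT h1,h2,h3,h4,p1,p2`), so behind MASQUERADE that payload has to be rewritten to the firewall's external address, which is the job ip_nat_ftp does on top of the connection tracking in ip_conntrack_ftp. The function names and the addresses below are constructed for illustration.

```python
import ipaddress
import re

# Active-mode FTP announces the data endpoint as: PORT h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def parse_port(line):
    """Return (ip, port) announced by a PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def rewrite_port(line, client_ip, public_ip, public_port=None):
    """Rewrite one control-channel line the way a NAT helper has to.

    Returns (new_line, length_delta). A non-zero delta means the TCP
    payload changed size, so a real helper must also adjust sequence
    numbers on the control connection.
    Assumption of this example: only commands announcing the client's
    own address are rewritten; anything else passes through untouched.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, 0
    ip, port = parsed
    if ip != ipaddress.IPv4Address(client_ip):
        return line, 0
    if public_port is not None:
        port = public_port
    octets = str(ipaddress.IPv4Address(public_ip)).split(".")
    new = "PORT {},{},{}\r\n".format(",".join(octets), port >> 8, port & 0xFF)
    return new, len(new) - len(line)


if __name__ == "__main__":
    # Constructed sample: internal client 192.168.1.10, firewall eth0 203.0.113.5
    sample = "PORT 192,168,1,10,4,1\r\n"
    print(parse_port(sample))
    print(rewrite_port(sample, "192.168.1.10", "203.0.113.5"))
```

Without the rewrite, the remote server is told to open the data connection to 192.168.1.10, an address it cannot reach, which matches the symptom that active FTP does not succeed through the masquerading host.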