Re: [conntrack_ftp] ftp _server_ behind dnat

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
Hello,

Klaus Ethgen a écrit :
> 
> I recently played around a new FTP server on KVM host which is connected
> via DNAT from the main host.
> 
> Now I was thinking that the conntrac_ftp and nat_ftp module is the
> correct one to configure it correct. But after several tests and finally
> reading the source code of conntrac_ftp I find out that this bunch of
> logic only match for a _client_ behind nat (SNAT) using active FTP.
> 
> So am I right that there is no module out there that supports passive
> FTP server behind DNAT?

What is your kernel version ?
IME, nf_conntrack_ftp and nf_nat_ftp handle both passive and active
modes. Briefly looking at the code, I can see mentions of PASV (standard
passive), EPSV (extended passive), PORT (standard port) and EPRT
(extended port).

Maybe the netfilter list is a better place to ask.
--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Photo]     [Yosemite]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]     [Video 4 Linux]     [Linux Resources]

Add to Google