On Fri, 13 Jul 2001, fr ml wrote: > > Hello, > > I've tried to masquerade my private Lan from the outside, > but I've got problems for ftp (port 21). > > At first, I've tried such a rule (where eth0 is private and > eth1 public): > iptables -t nat -A POSTROUTING -o eth1 -s private_lan > -d 0.0.0.0/0 -p tcp -m state > --state NEW,ESTABLISHED,RELATED -j MASQUERADE > > > with no success, the packet send are quite masquerade, but > the reply are still using the original non-masquerade ip > address. > Hello,
why do you not use the ftp modules ip_conntrack_ftp.o and ip_nat_ftp.o? They come with the netfilter options in the kernel. Works fine. Greetz, Sebastiaan
