On the debian-firewall list it was discussed that SNATed ftp using the PASV cmd needed an outgoing rule other than "state RELATED" when all unmatched packets are DROPed.

I am wondering what is the current status of the ftp connection tracking and ftp nat? Can ipfilter handle SNAT and DNAT ftp for both the PORT and PASV cmds?

Matrix | SNAT | DNAT | NoNAT
PORT   | ???  | ???  | ????
PASV   | ???  | ???  | ????

Legend:
Yes, Connections are tracked.
Mangle, Connections are tracked and cmd is NATed.
No, Connections are not tracked.

Your reply to [email protected] is greatly appreciated.

