2006/9/20, Pascal Hambourg <[EMAIL PROTECTED]>:
> No, he can't "use all the apps he want". NAT, and even static 1:1 NAT,
> breaks some applications which transmit network addresses in the payload
> to establish dynamic connections. It includes FTP, IRC DCC, H.323, SIP
> (voice over IP), RTSP (video streaming)...
> > but ...
> >
> > a) active ftp does not work
> FTP is the most common of those applications which can be broken by 1:1
> static NAT. You need to "help" the application with a "helper" iptables
> module. There are usually two modules for a given protocol: for FTP,
> they are ip_conntrack_ftp (keeps track of FTP connections) and
> ip_nat_ftp (NAT FTP data connections and, most important, mangles
> network addresses in the control connections payload).
Thanks for your replies ....
AFAIK I do not need to add some iptables so I've loaded the module and
ask my customers if it works
Thank you one more time.
--
Wojciech Ziniewicz | jid:[EMAIL PROTECTED]
http://silenceproject.org | http://zetho.wordpress.com
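
The payload mangling described above for active FTP, as an added example in Python that is not part of the original thread and is not the kernel module's code. The 1:1 address map, the sample PORT line and the function names are constructed for illustration.

```python
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" carries the client's IPv4 address and
# data port as six decimal bytes inside the control-connection payload.
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$"
)


def parse_port(line):
    """Return (ip, port) from a PORT command line, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):  # each field must fit in one byte
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def rewrite_port(line, nat_map):
    """Rewrite the address in a PORT command according to a 1:1 NAT map.

    Returns (new_line, length_delta). Anything that is not a PORT command,
    or whose address is not in the map, is passed through unchanged.
    A non-zero delta means the TCP payload changed size, so a real NAT
    helper also has to adjust sequence/ack numbers for the rest of the
    control connection.
    """
    parsed = parse_port(line)
    if parsed is None or parsed[0] not in nat_map:
        return line, 0
    ip, port = parsed
    public = nat_map[ip].replace(".", ",")
    new_line = ("PORT %s,%d,%d\r\n" % (public, port >> 8, port & 0xFF)).encode()
    return new_line, len(new_line) - len(line)


# Constructed sample: private client address mapped 1:1 to a documentation address.
NAT_MAP = {"10.0.0.5": "203.0.113.10"}
SAMPLE = b"PORT 10,0,0,5,19,137\r\n"

if __name__ == "__main__":
    # Without the helper the server is told to connect back to 10.0.0.5:5001,
    # which it cannot reach; that is why active FTP fails behind plain NAT.
    print("client sent  :", parse_port(SAMPLE))
    print("after helper :", rewrite_port(SAMPLE, NAT_MAP))
```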