Hi! I'm using 2.4.18 and iptables-1.2.6a on our Linux router. The router connects a small network of official IPs via an ethernet link AND an ADSL dial-up link, both configured as default gateway.

Packets going out over the ppp line are masqueraded in the POSTROUTING chain, and the MSS is adjusted to the MTU. Everything works as expected except some active-ftp sessions. Trying to ftp ftp.namesys.com from a host, as an example, in iptraf I can see the following:

    xxx.xxx.xxx.xxx:32821 = 12 --A- eth1
    x thebsh.namesys.com:ftp = 1 1-PA- eth1
    x thebsh.namesys.com:4144 = 5 300S--- eth1
    x xxx.xxx.xxx.xxx:32821

cat /proc/net/ip_conntrack shows:

    EXPECTING: proto=6 src=212.16.7.65 dst=xxx.xxx.xxx.xxx sport=0 dport=32822

The host contacts thebsh.namesys.com with s-port 32821 on ftp, and thebsh.namesys.com tries to initiate the data connection from an s-port > 1024 with d-port 32821 on that host. Iptables expects that data connection on d-port 32822, so it can never be established.

Is this a non-conforming ftp implementation, is this a netfilter-related problem, or does the problem only exist between my headphones (configuration)?

Many thanks for your help,
Norman Volmer
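An added example, not part of the post: given the PORT command the client sent, the EXPECTING entry from /proc/net/ip_conntrack and the inbound data SYN seen on the router, it reports which side disagrees with the PORT command (helper expectation vs. server behaviour). The PORT string and the 10.0.0.5 client address are constructed stand-ins for the masked host.

```python
"""Added example (not from the post): check an inbound active-FTP data SYN
against the netfilter FTP-helper expectation and the client's PORT command."""
import re

def parse_port_command(cmd):
    """Return (ip, port) announced by an RFC 959 PORT command (h1,h2,h3,h4,p1,p2)."""
    m = re.fullmatch(r"PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", cmd.strip())
    if not m:
        raise ValueError("not a PORT command: %r" % cmd)
    v = [int(x) for x in m.groups()]
    if any(x > 255 for x in v):
        raise ValueError("PORT field out of range: %r" % cmd)
    return "%d.%d.%d.%d" % tuple(v[:4]), v[4] * 256 + v[5]

def parse_expectation(line):
    """Parse an 'EXPECTING:' line from /proc/net/ip_conntrack into a dict."""
    if not line.startswith("EXPECTING:"):
        raise ValueError("not an expectation line: %r" % line)
    kv = dict(f.split("=", 1) for f in line.split()[1:])
    return {"proto": int(kv["proto"]), "src": kv["src"], "dst": kv["dst"],
            "sport": int(kv["sport"]), "dport": int(kv["dport"])}

def expectation_matches(exp, src, sport, dst, dport, proto=6):
    """True if a SYN src:sport -> dst:dport fits the expectation. A port of 0 in
    the expectation is a wildcard: the helper cannot know the server's data port."""
    return (exp["proto"] == proto and exp["src"] == src and exp["dst"] == dst
            and exp["sport"] in (0, sport) and exp["dport"] in (0, dport))

def diagnose(port_cmd, exp_line, observed):
    """observed = (src, sport, dst, dport) of the inbound data SYN on the router.
    Returns which side disagrees with the PORT command, or 'ok'."""
    client_ip, announced = parse_port_command(port_cmd)
    exp = parse_expectation(exp_line)
    src, sport, dst, dport = observed
    if exp["dst"] != client_ip or exp["dport"] != announced:
        return "helper expectation %s:%d differs from PORT %s:%d" % (
            exp["dst"], exp["dport"], client_ip, announced)
    if dport != announced or dst != client_ip:
        return "server connected to %s:%d but PORT announced %s:%d" % (
            dst, dport, client_ip, announced)
    if not expectation_matches(exp, src, sport, dst, dport):
        return "SYN does not match expectation (wrong source address or protocol)"
    return "ok"

if __name__ == "__main__":
    # Constructed to mirror the post: client PORT says 32822, server hits 32821.
    port_cmd = "PORT 10,0,0,5,128,54"           # 128*256 + 54 = 32822
    exp_line = "EXPECTING: proto=6 src=212.16.7.65 dst=10.0.0.5 sport=0 dport=32822"
    print(diagnose(port_cmd, exp_line, ("212.16.7.65", 4144, "10.0.0.5", 32821)))
```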
