-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Florian,
Am Do den 16. Feb 2017 um 9:41 schrieb Florian Westphal:
> Klaus Ethgen wrote:
> > > 2. ftp server uses foreign (non-local) ip addresses in PORT command
> > >(this needs fixing of ftp server or use of 'loose'
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Florian,
Am Do den 16. Feb 2017 um 1:17 schrieb Florian Westphal:
> Klaus Ethgen wrote:
[Contrack and DNAT]
> > Here are the relevant entries in iptables:
> > iptables -t raw -A PREROUTING -p tcp -m tcp --dport 21 -j CT
Klaus Ethgen wrote:
> allow me to ask a question about conntrack and nf_conntrack_ftp and
> nf_nat_ftp and DNAT.
>
> I have a host where I do DNAT from the main IPv4 address to the backend
> ftp server. Currently I have the server data connections limited to a
> small port