Andrew Suffield wrote: > On Sun, Mar 30, 2008 at 11:57:41PM +0200, Martin Leben wrote: >> Response: 227 Entering Passive Mode (192,168,221,239,19) >> Status: Server sent passive reply with unroutable address. Using >> server address instead. >> >> I cannot understand why the FTP servers private address is leaked since >> the modules ip_nat_ftp and ip_conntrack_ftp are loaded. The FTP rule is >> "FTP/DNAT net loc:192.168.221.3". > > Because the address sent by the FTP server is 192.168.221.239, not > 192.168.221.3 > > I don't think you're looking in the right place.
Hmm... My fingers must have slipped when typing (No, I didn't copy/paste that one...) the Filezilla response. Just tested again and it says "Response: 227 Entering Passive Mode (192,168,221,3,76,244)" this time. Yes, that is six blocks of comma separated numbers. So, my question still stands. /Martin Leben ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
