On 09/29/2017 04:29 AM, Juha Leinonen wrote: > Hi, > > I'm running Debian 9.1 with > Linux 4.12.0-1-amd64 #1 SMP Debian 4.12.6-1 (2017-08-12) x86_64 GNU/Linux > Shorewall version 5.0.15.6 > > And I'm unable to get DNAT + SNAT + FTP helper combination working. > > DNAT + FTP Helper works, but when trying to get source IP address also > changed traffic never passes to inside interface. > Also combination DNAT + SNAT works, but then passive FTP doesn't work as > conntrack is not following packets. > > Have anyone by any change happened to stumble into this? This has been > working flawlessy with old 3.16 kernel and shorewall 4.x. >
Just to clarify, I assume that when you add SNAT, you are adding an SNAT rule that changes the source IP on packets leaving the local interface? -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
