On 12/31/18 10:12 AM, Naveen Neelakanta wrote:

> The box on which the Shorewall is running is doing the SNAT.

But it is doing SNAT of *outgoing* requests only, correct? There is no SNAT occurring on the FTP control connection whose conntrack entry you forwarded.

> Maybe an
> external facing firewall is doing another NAT with the source ip (
> 96.64.220.253) hence I am not seeing any new connection back on my
> device. Should I see a new connection request from the server to
> ip 96.64.220.253, will there be an entry created by FTP helper to
> accept the new connection request coming from the server (I don't see
> it in the conntrack entry).

Please understand that the problem you are seeing here has *nothing* to do with the Shorewall box or with FTP helpers. The problem is that the FTP server is refusing to create an active mode data connection to 10.24.8.11. Was that the actual IP address of the FTP client or was it 96.64.220.253?

-Tom
--
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
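The question at the end of the reply turns on which address the client advertised in its active mode `PORT` command versus the source address the server sees on the control connection. The sketch below is an added example, not part of the original thread: it decodes a `PORT` argument and flags the mismatch, on the assumption that the server compares the two (many FTP servers do so by default to prevent data connections to third-party hosts). The `PORT` lines and the port number are constructed; only the two IP addresses come from the thread.

```python
import ipaddress


def parse_port(line):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    parts = [p.strip() for p in arg.split(",")]
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("malformed PORT argument")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range")
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]


def check_active_mode(port_line, control_peer):
    """Compare the advertised data address with the control connection's
    source address as the server sees it (after any NAT on the path)."""
    addr, port = parse_port(port_line)
    peer = ipaddress.IPv4Address(control_peer)
    findings = []
    if addr != peer:
        findings.append(
            f"PORT advertises {addr} but control connection comes from {peer}")
    if addr.is_private and not peer.is_private:
        findings.append(
            f"{addr} is a private address the server cannot route to; "
            "the PORT payload was not rewritten along the NAT path")
    return {"address": str(addr), "port": port,
            "ok": not findings, "findings": findings}


if __name__ == "__main__":
    # Constructed samples: 195*256 + 80 = port 50000.
    samples = [
        ("PORT 10,24,8,11,195,80", "96.64.220.253"),     # un-rewritten payload
        ("PORT 96,64,220,253,195,80", "96.64.220.253"),  # payload matches peer
    ]
    for line, peer in samples:
        result = check_active_mode(line, peer)
        print(line, "->", "OK" if result["ok"] else result["findings"])
```

Running the same comparison against a packet capture of the control connection on the server side shows whether the address was rewritten before it reached the server.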