On Mon, 2004-06-28 at 23:56 -0700, Florin Andrei wrote: > Seems to me like you're running an http/https/ftp server behind NAT, and > you want to make it visible to the outside, correct? yes > http/https are not a problem in this scenario. yes > Make sure you're loading the ip_nat* and ip_conntrack* modules on the > firewall. I believe it's enough to load them and only forward the > command channel (port 21); the purpose of the ip_nat_ftp module is to > figure out the parameters for the data channel and mangle the packets on > the fly. > > Edit /etc/sysconfig/iptables-config and add: > > IPTABLES_MODULES="ip_nat_ftp" Added it and now it works! ip_conntrack was also loaded, but I didn't specified it manually. Thanks a lot Florin! I'm googling now for ip_nat_ftp and vsftpd passv_address options to learn more, it's the first time I hear about them after reading many examples of ftp port forwarding. -- Marius Andreiana Galuna - Solutii Linux in Romania http://www.galuna.ro
