On Tue, 2004-06-29 at 01:05, Marius Andreiana wrote: > On Mon, 2004-06-28 at 23:56 -0700, Florin Andrei wrote: > > Edit /etc/sysconfig/iptables-config and add: > > > > IPTABLES_MODULES="ip_nat_ftp" > Added it and now it works! :-) It's prudent to add that config bit to any Linux box that works as a NAT firewall and routes FTP traffic. Even do that to small NAT boxes that provide Internet access to a small office or something - you know, the SOHO type of thing. This is what i add to all my Linux NAT firewalls that have browsers behind them: IPTABLES_MODULES="ip_nat_ftp ip_nat_irc" You can find the other NAT protocol helper modules like this: find /lib/modules/`uname -r`/kernel -name ip_nat_* > ip_conntrack was also loaded, but I didn't specified it manually. Yeah, that's because of dependencies and whatnot. Modules _usually_ automagically load up their own dependencies. > Thanks a lot Florin! I'm googling now for ip_nat_ftp and vsftpd > passv_address options to learn more, it's the first time I hear about > them after reading many examples of ftp port forwarding. Well, if ip_nat_ftp works for you, then you don't have to worry about unusual options in the ftpd config. It's all handled by the firewall now. BTW, you probably don't have to forward port 20 now, but go ahead and experiment first, don't take my word for it. -- Florin Andrei http://florin.myip.org/
