From: Jason Rippon
This ensures that port range masquerade rules work with the ftp alg.
Previously the tfp data flow was not following the iptables rules.
Signed-off-by: Jason Rippon
Signed-off-by: Felix Jia
---
net/netfilter/nf_conntrack_ftp.c | 3 ++-
1 file changed, 2 insertions(+), 1 dele
Felix Jia wrote:
> From: Jason Rippon
>
> This ensures that port range masquerade rules work with the ftp alg.
> Previously the tfp data flow was not following the iptables rules.
The data connections are supposed to inherit the NAT transformation
of the master connection (connection created th
Westphal
Sent: Wednesday, November 7, 2018 12:51 PM
To: Felix Jia
Cc: Pablo Neira Ayuso; Jason Rippon; netfilter-devel@vger.kernel.org
Subject: Re: [PATCH] netfilter: Only call ftp alg when needed
Felix Jia wrote:
> From: Jason Rippon
>
> This ensures that port range masquerade rules work with th
al; Felix Jia
Cc: Pablo Neira Ayuso; netfilter-devel@vger.kernel.org
Subject: Re: [PATCH] netfilter: Only call ftp alg when needed
The data connection with the FTP alg does not seem to respect the masquerade
--to-ports option.
e.g
echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper
iptabl
On Wed, Nov 21, 2018 at 04:37:25AM +, Jason Rippon wrote:
> Is there anything more you need from me?
> I have tested this with old Kernel releases, as well as Net-next and the FTP
> alg does not seem to respect the masquerade --to-ports option.
>
> e.g
> echo 1 > /proc/sys/net/netfilter/nf_co
