On 12/31/18 7:02 PM, Naveen Neelakanta wrote:
> Hi Tom,
>
> After adding the zones in the conntrack, I start seeing this issue,
> where the nf_nat_ftp is not getting called. If I remove the zones from
> conntrack entry, I don't see the issue, but I need the zones.
>
> Any pointers to solve this will help.
>

I don't have any, as I have no experience with conntrack zones. I can envision potential problems with active mode FTP and zones if the zone for client->FTPserver traffic is different from the one for FTPserver->client traffic.

You seem to be using "CT --zone x", according to your earlier post(s). I see that "CT --zone-orig x" and "CT --zone-reply x" are also supported, but again, I have no experience with using them.

-Tom
--
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users