Next Previous Contents

7. Special Protocols

Some protocols do not like being NAT'ed. For each of these protocols, two extensions must be written; one for the connection tracking of the protocol, and one for the actual NAT.

Inside the netfilter distribution, there are currently modules for ftp: ip_conntrack_ftp.o and ip_nat_ftp.o. If you insmod these into your kernel (or you compile them in permanently), then doing any kind of NAT on ftp connections should work. If you don't, then you can only use passive ftp, and even that might not work reliably if you're doing more than simple Source NAT.


Next Previous Contents