#1 2017-07-27 07:38:40

Knur
Member
Registered: 2013-07-12
Posts: 3

NAT helpers not working

Hello,

I have a small box with 2 NICs that I use as a gateway/router for my LAN, sitting behind the ISP box.
I put in place all the required iptables rules for forwarding/masquerading, etc., and all is working fine except the NAT helpers, e.g. nf_nat_ftp / nf_conntrack_ftp.

Both modules are loaded, I use a rule in the raw table to assign the ftp helper (the famous "CT" target). I see that packets are matched by that rule.
But the returning packets never get d-natted (masqueraded "back") and flagged as RELATED: they are just dropped in the INPUT of the box itself.

What is very strange is that my setup was working fine a few months ago: I changed some components of the box and decided to reinstall Arch Linux from scratch, and since then I cannot make the NAT helpers work.

I've tested with the current kernel, and with custom-compiled 4.10.17 and 4.12.3 (latest from kernel.org) kernels, with the same results.

Do you guys have any thoughts? What should I be looking at?
