Active FTP under iptables to ftp.netscape.com
I am running iptables with SNAT under Redhat 7.1 with 2.4.3 smp kernel.
I have successfully installed ip_conntrack, ip_conntrack_ftp and
ip_nat_ftp. I can connect from internal machines to active FTP sites.
I know it's working because I used a protocol analyzer and saw the
connections back to my local machines from source port 20. I connected
specifically to ftp.cs.utah.edu and ftp.microsoft.com both using 2-port
The weirdest thing it that active ftp doesn't work from
ftp.netscape.com. For some reason the conntrack module just doesn't
realize that it should track it if it's there. My guess is that it's
something with the particular server Netscape is running.
I know that ftp.netscape.com supports active ftp because I can connect
with active ftp from my server machine to it with the firewall down.
Does anyone know why this happens? Would someone else please try
connecting to ftp.netscape.com and confirm my findings?
On a side note, does anyone know of a nice way to view the output of
tcpdump in Linux? Something that splits it up into frame, ip, tcp and
application and shows the fields in a more human-readable way?