Passive FTP + NAT + Privileged Port
Closed, ResolvedPublic
Actions

Assigned To

None

Authored By

	hexes
	Jan 24 2019, 1:26 AM

Description

Hello,
i got problem, on builds of VyOS based on PRE 4.11 kernel, NAT rules like:

show nat destination 
 rule 10 {
     destination {
         address 10.45.6.0/24
     }
     inbound-interface vtun1
     translation {
         address 192.168.100.0/24
     }
 }

works like a charm, but on builds based on kernel AFTER 4.11 Active FTP wont work...
I came to conclusion that its because of net.ipv4.ip_unprivileged_port_start in new kernel versions.
Am I right? How to configure NAT now?

Details

Version: 1.2.0

Related Objects

Mentioned Here: T1141: Conntrack helpers are no longer active by default

Event Timeline

hexes created this task.Jan 24 2019, 1:26 AM

hexes created this object in space S1 VyOS Public.

are you sure, or could it be related to conntrack helper topic in T1141?

I'm not sure. Only hypothesis...

THANKS! You absolutely right! That's it!

hexes closed this task as Resolved.Jan 24 2019, 4:09 PM

Passive FTP + NAT + Privileged PortClosed, ResolvedPublicActions

Description

Details

Related Objects

Event Timeline

Passive FTP + NAT + Privileged Port
Closed, ResolvedPublic
Actions