
Passive FTP + NAT + Privileged Port
Closed, Resolved (Public)

Description

Hello,
I've got a problem: on builds of VyOS based on a PRE 4.11 kernel, NAT rules like:

show nat destination 
 rule 10 {
     destination {
         address 10.45.6.0/24
     }
     inbound-interface vtun1
     translation {
         address 192.168.100.0/24
     }
 }

work like a charm, but on builds based on a kernel AFTER 4.11, Active FTP won't work...
I came to the conclusion that it's because of net.ipv4.ip_unprivileged_port_start in new kernel versions.
Am I right? How to configure NAT now?

Details

Difficulty level
Unknown (require assessment)
Version
1.2.0
Why the issue appeared?
Will be filled on close
hexes created this task. Jan 24 2019, 1:26 AM
hexes created this object in space S1 VyOS Public.
Line2 added a subscriber: Line2. Jan 24 2019, 2:58 PM

Are you sure, or could it be related to the conntrack helper topic in T1141?

hexes added a comment. Jan 24 2019, 4:09 PM

I'm not sure. Only a hypothesis...

THANKS! You're absolutely right! That's it!

hexes closed this task as Resolved. Jan 24 2019, 4:09 PM