Fpt dnat doesn't wokr

show nat destination rule 10
description REPO_ACCESS
destination {
port 21,22,80,443,49152-65534
inbound-interface eth0
protocol tcp
translation {

in the firewall the exist a rule allowing this traffic,

and after connecting from a machine in an external network, the ftp return

Response: 220 ProFTPD 1.3.5e Server (repo) []
Command: USER anonymous
Response: 331 Anonymous login ok, send your complete email address as your password
Command: PASS **************
Response: 230 Anonymous access granted, restrictions apply
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: MDTM
Response: TVFS
Response: MFMT
Response: LANG en-US.UTF-8*;en-US
Response: SIZE
Response: MFF modify;UNIX.group;UNIX.mode;
Response: MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
Response: UTF8
Response: EPRT
Response: EPSV
Response: 211 End
Command: OPTS UTF8 ON
Response: 200 UTF8 set to on
Status: Connected
Status: Retrieving directory listing…
Command: PWD
Response: 257 “/” is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (172,16,9,23,203,210).

So, it returns the internal address of the FTP, instead of the translated address which is, and never I can see the files.

This didn’t happen in version 1.4-rolling-202212280917, but after the update to version 1.4-rolling-202306210315 is happening.


Can you check sudo nft list table nat and check the counter for DNAT rules?

Thank you for your response, but I already make a rollback. Thank’s to that, is workign again

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.