There are various techniques used the make a router/firewall automatically forward ports to its clients. For example there are some protocols like: IGD, NAT-PMP et similia.
But those protocol need to be implemented both on router and on client. So automatic port-mapping won't work out of the box in many cases.
The lines in kernel config you are referring to CONFIG_NF_CONNTRACK_FTP
CONFIG_NF_NAT_FTP
are used for another reason: due to the fact that FTP protocol use two different tcp streams for comunication (one of which does not have to be "listened" by the server) your firewall needs extra "effort" to track the connection and act accordingly.
Where Linux kernel(3.4.34) open port on nat device? [closed]
Question
I use an Linux Server for nat device. Currently it looks like [PC1,2,3]--[Linux]--[Internet]
There is no issue at all , but I'm curious about , when I open a service (ex: FTP WWW ) on my PC1 , did my [Linux] also opened a port service on it ?
I did trace code for the
CONFIG_NF_CONNTRACK_FTP CONFIG_NF_NAT_FTP
but I cant find related code about port open.
Thanks for your read.
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow