NAT Modules for VPN, FTP, SIP

Let’s say SNAT or masquerading is configured on a Linux server, for example, as I described in article Ubuntu IP Masquerading (NAT). But if many NAT clients connect to external PPTP, FTP, SIP servers for NAT, then they will have connection problems.

To solve problems with connecting to PPTP, FTP, SIP, you need to download some modules:

modprobe nf_nat_pptp
modprobe nf_nat_ftp
modprobe nf_nat_sip

And also add the modules to the /etc/modules file so that they load automatically at system startup:


Unload a module from memory if possible:

modprobe -r nf_nat_pptp

For example, on UBNT (Ubiquiti) devices, when configuring NAT, it is also possible to enable sip pptp ftp rtsp by ticking off.

Check if nf_conntrack_helper is enabled as follows:

sysctl net.netfilter.nf_conntrack_helper

For autorun, the following should be specified in the /etc/sysctl.conf file:

net.netfilter.nf_conntrack_helper = 1

See also my articles:
Difference between MASQUERADE and SNAT
How to fix the error “nf_conntrack: table full, dropping package”
Tuning nf_conntrack

Leave a comment

Leave a Reply