The iptables helper match is supported by Shorewall in the form of the HELPER column in shorewall-mangle (5) and shorewall-tcrules (5). The CT target is supported directly in shorewall-conntrack (5). In these files, Shorewall supports the same module names as iptables; see the table above.

This is in 3.10 (and I'm guessing 3.18, 4.4, and 4.9). I've noticed a few other tickets with syslogs attached that popped up when I searched for "nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead" BEFORE opening this ticket.

helper will create an expectation whose IP parameters are the two peers. The IRC helper creates expectations whose destination address is the client address and source address is any address. This is due to the protocol: we do not know the IP address of the person who is the target of the DCC. For each helper, you must carefully open the RELATED flow. All iptables statements using "-m conntrack --ctstate RELATED" should be used in conjunction with the choice of a helper and of IP parameters. By doing that, you will be able to describe how the helper must be used with respect to your network and information system architecture.

kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.

Iptables to allow incoming FTP - Unix & Linux Stack Exchange

iptables rules for NAT with FTP active / passive connections. If you have an FTP server running behind a server that acts as the gateway or firewall, here are the rules to enable full NAT for active and passive connections.

A generic CT rule looks like "-A PREROUTING -p tcp --dport 21 -j CT --helper ftp", or so the documentation says, but going over your rules again I don't see specific helper usage anyway so just discard the nf_conntrack message as being of the informational level.

Iptables reload/restart on Ubuntu 18.04 - Ask Ubuntu

iptables-restore < /etc/iptables/rules.v4
ip6tables-restore < /etc/iptables/rules.v6

The two packages are similar, but provide slightly different functionality. If you only install iptables-persistent, you won't get the service definition file for correct handling in systemd,

IPTables 1:1 NAT - LinuxQuestions.org