Firewall config and ftp server

Edward. S. P. Leong edwardspl at ita.org.mo
Sat Mar 27 10:40:59 UTC 2010


Rick Stevens wrote:

>On 03/11/2010 08:17 AM, Edward. S. P. Leong wrote:
>
>>Rick Stevens wrote:
>>
>>>On 03/09/2010 07:47 PM, NoSpaze wrote:
>>>
>>>>On Tuesday, 09.03.2010, at 23:09 +0800, Edward. S. P. Leong wrote:
>>>>
>>>>>NoSpaze wrote:
>>>>>
>>>>>># modprobe ip_tables
>>>>>>FATAL: Module ip_tables not found.
>>>>>>
>>>>Again: this module does not exist! Maybe ip_nat or nf_nat?
>>>>
>>>To clarify, several kernels ago the IPV4 iptables was defaulted to being
>>>built into the kernel so it doesn't need a modprobe or insmod.  Ditto
>>>with the IPV4 conntrack (snippet of the default kernel config file):
>>>
>>>CONFIG_NF_DEFRAG_IPV4=y       <<<---- Built into kernel
>>>CONFIG_NF_CONNTRACK_IPV4=y    <<<---- Built into kernel
>>># CONFIG_NF_CONNTRACK_PROC_COMPAT is not set
>>>CONFIG_IP_NF_QUEUE=m          <<<---- Module
>>>CONFIG_IP_NF_IPTABLES=y       <<<---- Built into kernel
>>>
>>>So remove those items from your /etc/modprobe.conf file.  It is also not
>>>necessary to modprobe things like the NAT module and such...if
>>>there are rules in your iptables config that require them, they'll
>>>be dragged in by iptables itself.  The "modprobe"able modules can be
>>>found by doing a
>>>
>>>	ls /lib/modules/`uname -r`/kernel/net/ipv4/netfilter
>>>
>>Hello to you,
>>
>>Would you mind telling me how to apply the following iptables modules
>>on an FC11 system?
>>
>>ip_nat_ftp
>>ip_conntrack_ftp
>>
>
>You should just write the rules you need.  The kernel should be set up
>to autoload the modules it needs to support your rules.  If you're in
>doubt, use the "-m modulename" option in the rule, e.g.
>
>	... -m nf_nat_ftp -s 10.1.0.0/24 ....
>
Hello,

I just tried the following CLI on the server side:

[root@host1 ~]# iptables -A INPUT -i eth1 -p tcp --dport 21 -m nf_nat_ftp -s 192.168.1.0/24 -d 192.168.1.254 -j ACCEPT
iptables v1.4.3.1: Couldn't load match `nf_nat_ftp':/lib/xtables/libipt_nf_nat_ftp.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
[root@host1 ~]#

Is there any solution for it?

Thanks!

Edward.
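
The =y / =m distinction in the kernel config snippet quoted above can be checked per option before deciding whether a modprobe is needed at all. This is an added example, not part of the original thread: the function names are hypothetical, and the two FTP helper lines in the sample (CONFIG_NF_CONNTRACK_FTP, CONFIG_NF_NAT_FTP) carry constructed values.

```shell
#!/bin/sh
# Constructed sample: the first five lines are the snippet quoted in the
# thread; the two FTP helper lines are assumed values for illustration.
SAMPLE_CONFIG='CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_CONNTRACK_IPV4=y
# CONFIG_NF_CONNTRACK_PROC_COMPAT is not set
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=y
CONFIG_NF_CONNTRACK_FTP=m
CONFIG_NF_NAT_FTP=m'

# kconfig_state OPTION [CONFIG_FILE]
# Prints builtin, module, disabled or absent for one option.
# Reads CONFIG_FILE when given, otherwise the embedded sample.
kconfig_state() {
    opt=$1
    if [ -n "${2:-}" ]; then cfg=$(cat "$2"); else cfg=$SAMPLE_CONFIG; fi
    # Whole-line comparison, so CONFIG_NF_CONNTRACK does not match
    # CONFIG_NF_CONNTRACK_IPV4 by prefix.
    printf '%s\n' "$cfg" | awk -v o="$opt" '
        $0 == (o "=y")               { s = "builtin" }
        $0 == (o "=m")               { s = "module" }
        $0 == ("# " o " is not set") { s = "disabled" }
        END { print (s == "" ? "absent" : s) }'
}

# needs_modprobe OPTION [CONFIG_FILE]
# Succeeds only when the option is built as a loadable module; built-in
# code is already in the kernel and has no module file to load.
needs_modprobe() {
    [ "$(kconfig_state "$@")" = "module" ]
}

# report OPTION...
# One line per option: name and state, read from the embedded sample.
report() {
    for o in "$@"; do
        printf '%-34s %s\n' "$o" "$(kconfig_state "$o")"
    done
}

report CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_QUEUE \
       CONFIG_NF_CONNTRACK_FTP CONFIG_NF_NAT_FTP
```

On a running system, pass the kernel's config file as the second argument, assuming it is installed at /boot/config-`uname -r`.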