Firewall config and ftp server
Edward. S. P. Leong
edwardspl at ita.org.mo
Sat Mar 27 10:40:59 UTC 2010
Rick Stevens wrote:
>On 03/11/2010 08:17 AM, Edward. S. P. Leong wrote:
>
>>Rick Stevens wrote:
>>
>>>On 03/09/2010 07:47 PM, NoSpaze wrote:
>>>
>>>>On Tuesday, 09.03.2010, 23:09 +0800, Edward. S. P. Leong wrote:
>>>>
>>>>>NoSpaze wrote:
>>>>>
>>>>>># modprobe ip_tables
>>>>>>FATAL: Module ip_tables not found.
>>>>>>
>>>>Again: this module does not exist! Maybe ip_nat or nf_nat?
>>>>
>>>To clarify, several kernels ago the IPV4 iptables was defaulted to being
>>>built into the kernel so it doesn't need a modprobe or insmod. Ditto
>>>with the IPV4 conntrack (snippet of the default kernel config file):
>>>
>>>CONFIG_NF_DEFRAG_IPV4=y               <<<---- Built into kernel
>>>CONFIG_NF_CONNTRACK_IPV4=y            <<<---- Built into kernel
>>># CONFIG_NF_CONNTRACK_PROC_COMPAT is not set
>>>CONFIG_IP_NF_QUEUE=m                  <<<---- Module
>>>CONFIG_IP_NF_IPTABLES=y               <<<---- Built into kernel
>>>
>>>So remove those items from your /etc/modprobe.conf file. It is also not
>>>necessary to modprobe things like the NAT module and such...if
>>>there are rules in your iptables config that require them, they'll
>>>be dragged in by iptables itself. The "modprobe"able modules can be
>>>found by doing a
>>>
>>> ls /lib/modules/`uname -r`/kernel/net/ipv4/netfilter
>>>
>>Hello to you,
>>
>>Would you mind telling me how to apply the following iptables modules
>>to an FC11 system?
>>
>>ip_nat_ftp
>>ip_conntrack_ftp
>>
>
>You should just write the rules you need. The kernel should be set up
>to autoload the modules it needs to support your rules. If you're in
>doubt, use the "-m modulename" option in the rule, e.g.
>
> ... -m nf_nat_ftp -s 10.1.0.0/24 ....
>
Hello,

I just tried the following command on the server side:

[root@host1 ~]# iptables -A INPUT -i eth1 -p tcp --dport 21 -m nf_nat_ftp -s 192.168.1.0/24 -d 192.168.1.254 -j ACCEPT
iptables v1.4.3.1: Couldn't load match `nf_nat_ftp':/lib/xtables/libipt_nf_nat_ftp.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
[root@host1 ~]#

Is there any solution for it?

Thanks!

Edward.
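
Added example, not part of the original message: the error above shows iptables resolving "-m nf_nat_ftp" to a userspace match library under /lib/xtables, whereas the FTP helpers are kernel modules loaded with modprobe. The sketch below tells the two apart and prints (without running) rules that use only the state match; the function names, the XT_DIR/MOD_DIR overrides and the helper name nf_conntrack_ftp (as on kernels of that era) are assumptions.

```shell
#!/bin/sh
# Added example. XT_DIR and MOD_DIR are hypothetical overrides; the defaults
# are the paths that appear in the messages above.

# Say what NAME is: a userspace match extension (usable as "-m NAME"),
# a kernel module (loaded with "modprobe NAME"), or neither.
classify_name() {
    name=$1
    xt_dir=${XT_DIR:-/lib/xtables}
    mod_dir=${MOD_DIR:-/lib/modules/$(uname -r)/kernel/net}
    if [ -e "$xt_dir/libxt_$name.so" ] || [ -e "$xt_dir/libipt_$name.so" ]; then
        echo "match-extension"
    elif [ -d "$mod_dir" ] && find "$mod_dir" -name "$name.ko*" | grep -q .; then
        echo "kernel-module"
    else
        echo "unknown"
    fi
}

# Print the commands for an FTP server running on this host.
# The conntrack helper is a kernel module; it marks the FTP data connection
# as RELATED, so the rules need no helper-specific "-m" option.
# (nf_nat_ftp is only relevant when the FTP traffic is also being NATed.)
ftp_rules() {
    iface=$1 src=$2 dst=$3
    case $(classify_name nf_conntrack_ftp) in
        kernel-module) echo "modprobe nf_conntrack_ftp" ;;
        *) echo "# nf_conntrack_ftp not found as a module (may be built in)" ;;
    esac
    echo "iptables -A INPUT -i $iface -p tcp -s $src -d $dst --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A INPUT -i $iface -p tcp -s $src -d $dst -m state --state RELATED,ESTABLISHED -j ACCEPT"
}

# Usage: classify_name nf_nat_ftp
#        ftp_rules eth1 192.168.1.0/24 192.168.1.254
```

Review the printed commands before applying them; classify_name only inspects files and changes nothing.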