allowing passive FTP from the outside
Justin Zygmont
jzygmont at solarflow.net
Sun Apr 3 04:42:10 UTC 2005
On Sun, 3 Apr 2005, Markku Kolkka wrote:
> Justin Zygmont wrote in his message (sent Sunday, 3 April
> 2005 00:33):
>> are you sure ftp_conntrack is even needed? I thought that's
>> usually used just for stateful routing through a server, and
>> not to connect to one from the outside.
>
> No, that's a different module: ip_nat_ftp. The ip_conntrack_ftp
> module is required for the ESTABLISHED,RELATED rule to work for
> incoming FTP connections.
I don't see how that can be, because when I stop iptables it also unloads
ftp_conntrack, and even ip_conntrack. I can get an FTP listing with
iptables off and those modules unloaded. Here's what I have
loaded, and it works until I restart iptables.
Module Size Used by
nfsd 184033 2
exportfs 7745 1 nfsd
lockd 58089 2 nfsd
md5 4033 1
ipv6 231425 20
i2c_dev 10433 0
i2c_core 20801 1 i2c_dev
sunrpc 156197 19 nfsd,lockd
dm_mod 55509 0
8139too 26433 0
mii 4673 1 8139too
tulip 48353 0
floppy 57841 0
ext3 116169 2
jbd 69849 1 ext3