System-config-securitylevel breaks passive FTP

Simon Andrews simon.andrews at
Thu May 27 12:22:47 UTC 2004

During an upgrade from FC1 to FC2 I decided to add a firewall to one of 
our servers.  I used the system-config-securitylevel tool to enable the 
firewall and allow through the services we need (ftp, http and ssh).

However, after enabling the firewall I found that ftp was broken.  I 
could connect, but could not get directory listings or transfer files. 
Disabling the firewall caused everything to start working again.

Looking back through bugzilla I came across:

..which is exactly the problem I had, and enabling the ip_nat_ftp 
iptables module caused everything to work through the firewall again.

My question therefore is why is this not considered a bug??  Surely if 
someone selects to allow ftp traffic through their firewall then they 
should not need to make additional (and distinctly non-obvious!) changes 
to config files to actually allow it to work.

More information about the fedora-list mailing list