System-config-securitylevel breaks passive FTP
Simon Andrews
simon.andrews at bbsrc.ac.uk
Thu May 27 12:22:47 UTC 2004
During an upgrade from FC1 to FC2 I decided to add a firewall to one of
our servers. I used the system-config-securitylevel tool to enable the
firewall and allow through the services we need (ftp, http and ssh).
However, after enabling the firewall I found that ftp was broken. I
could connect, but could not get directory listings or transfer files.
Disabling the firewall caused everything to start working again.
Looking back through bugzilla I came across:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=111228
..which is exactly the problem I had, and enabling the ip_nat_ftp
iptables module caused everything to work through the firewall again.
My question therefore is why is this not considered a bug?? Surely if
someone selects to allow ftp traffic through their firewall then they
should not need to make additional (and distinctly non-obvious!) changes
to config files to actually allow it to work.
More information about the fedora-list
mailing list