Security setting to prevent passive ftp?
Matthew Saltzman
mjs at ces.clemson.edu
Sun Jul 24 17:05:55 UTC 2005
On Sun, 24 Jul 2005, Jon August wrote:
>
> Hmm - looks like that module fails to load. Is there a log that would
> explain why this failed? Thanks for the help!
'cause my fingers got ahead of my brain. It's "ip_conntrack_ftp".
Sorry...
>
> $ sudo /etc/rc.d/init.d/iptables restart
> Flushing firewall rules: [ OK ]
> Setting chains to policy ACCEPT: filter [ OK ]
> Unloading iptables modules: [ OK ]
> Applying iptables firewall rules: [ OK ]
> Loading additional iptables modules: iptables_conntrack_ftp[FAILED]
>
> -Jon
>
> On Jul 24, 2005, at 6:36 AM, Matthew Saltzman wrote:
>
>
>> On Sat, 23 Jul 2005, Jonathan August wrote:
>>
>>
>>
>>>
>>> The modprobe ip_conntrack_ftp doesn't return anything and it seems to
>>> still have an issue... Do I need to reboot or something?
>>>
>>>
>>
>> You can tell if the modprobe had the desired effect by issuing lsmod.
>>
>>
>>
>>>
>>> Also, what do I add to /etc/sysconfig/iptables-config? There just seems
>>> to be a few things in there with YES or NO settings...
>>>
>>>
>>
>> IPTABLES_MODULES="iptables_conntrack_ftp"
>>
>> No need to reboot, but you could "/sbin/service iptables restart".
>> Shouldn't be necessary after the modprobe, but the iptables-config entry
>> only takes effect after restarting iptables.
>>
>> Are you sure all appropriate ports (20 and 21) are open (on the server and
>> through the firewall)? Is ncftpd configured correctly for passive access?
>> (I don't know anything about configuring ncftpd. Just trying to think of
>> things to check.)
>>
>>
>>
>>>
>>> ??
>>>
>>> Thanks,
>>> -Jon
>>>
>>>
>>>
>>> On Jul 23, 2005, at 10:12 AM, Matthew Saltzman wrote:
>>>
>>>
>>>
>>>> On Sat, 23 Jul 2005, Alexander Dalloz wrote:
>>>>
>>>>
>>>>> On Sat, 23.07.2005, Jonathan August wrote at 15:38:
>>>>>
>>>>>
>>>>>> For my users that use passive ftp, when they connect to ncftpd on my
>>>>>> server, the connection takes a long time and eventually for them as
>>>>>> dialup users, it times out. If I try to ftp to the machine behind my
>>>>>> firewall and specify to use passive, as soon as I try anything that
>>>>>> sends data (ls, put, get), the connection gets dropped. I turned off
>>>>>> SELinux, but this didn't help. Any ideas?
>>>>>> -Jon
>>>>>>
>>>>>>
>>>>> modprobe ip_conntrack_ftp
>>>>>
>>>>>
>>>> And to make it permanent, add to /etc/sysconfig/iptables-config.
>>>>
>>>>
>>>>> Alexander
>>>>>
>>>>>
>>>> --
>>>> Matthew Saltzman
>>>> Clemson University Math Sciences
>>>> mjs AT clemson DOT edu
>>>> http://www.math.clemson.edu/~mjs
>>>> --
>>>> fedora-list mailing list
>>>> fedora-list at redhat.com
>>>> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>>
>> --
>> Matthew Saltzman
>>
>> Clemson University Math Sciences
>> mjs AT clemson DOT edu
>> http://www.math.clemson.edu/~mjs
>
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
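
Added example, not part of the original message: a shell check for the two conditions the thread turns on, namely that `ip_conntrack_ftp` is actually loaded (what `lsmod` shows) and that `IPTABLES_MODULES` in `/etc/sysconfig/iptables-config` names it correctly. The function names and the file-path parameters are assumptions made for illustration; the sample files are constructed.

```shell
#!/bin/sh
# Added example: check that the FTP conntrack helper is both loaded and
# named correctly in iptables-config. File paths are parameters so the
# check can be exercised on constructed files.

HELPER=ip_conntrack_ftp   # module name given in the thread

# Print the module list from the last uncommented IPTABLES_MODULES= line.
configured_modules() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed if module $1 appears in column 1 of a /proc/modules-format file
# (the same data lsmod prints).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# Return 0 = configured and loaded, 1 = configured but not loaded,
# 2 = helper missing from IPTABLES_MODULES (e.g. a mistyped name).
audit_ftp_helper() {
    conf=${1:-/etc/sysconfig/iptables-config}
    mods=${2:-/proc/modules}
    listed=no
    for m in $(configured_modules "$conf"); do
        if [ "$m" = "$HELPER" ]; then
            listed=yes
        else
            echo "note: IPTABLES_MODULES entry '$m' is not $HELPER"
        fi
    done
    if [ "$listed" = no ]; then
        echo "FAIL: $HELPER is not in IPTABLES_MODULES in $conf"
        return 2
    fi
    if ! module_loaded "$HELPER" "$mods"; then
        echo "FAIL: $HELPER configured but not loaded; modprobe it or restart iptables"
        return 1
    fi
    echo "OK: $HELPER configured and loaded"
}

# Constructed sample: the mistyped entry from the thread, helper not loaded.
tmp=$(mktemp -d)
printf 'IPTABLES_MODULES="iptables_conntrack_ftp"\n' > "$tmp/iptables-config"
printf 'ip_tables 16193 1 iptable_filter, Live 0xd0a1c000\n' > "$tmp/modules"
audit_ftp_helper "$tmp/iptables-config" "$tmp/modules" || echo "exit status: $?"
rm -rf "$tmp"
```

Called with no arguments, `audit_ftp_helper` reads `/etc/sysconfig/iptables-config` and `/proc/modules` on the running system.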