Enable FTP: ip_nat_ftp and/or ip_conntrack_ftp?

James Cooley jcooley at fit.edu
Mon Jun 6 12:41:43 UTC 2005


Basically, ip_conntrack_ftp enables your firewall to identify packets
relating to ftp, and ip_nat_ftp modifies ftp packets for computers
behind a firewall running nat. ip_nat_ftp requires ip_conntrack_ftp
to be loaded, so it loads that module automatically for you. That's why
loading either of them works for you. It looks as if you should be
able to just load ip_conntrack_ftp to get everything to work, and ignore
ip_nat_ftp.

I hope this helps a bit.

--James Cooley



linux at fritzenwallner.org wrote:

>Hi!
>
>I'm working on a RHEL WS3, Taroon Update 5 and have the following problem:
>I installed the ftp-server "vsftpd-2.0.3" as a xinetd-based service and would
>like to get it working.
>I opened the firewall on FTP using redhat-config-securitylevel. Then I could
>connect to my machine but "ls" didn't work (No route to host).
>
>Then I googled a little and found out that it might be needed to load an
>additional module which can be added to the file /etc/sysconfig/iptables-config.
>So I loaded from the command prompt the module ip_conntrack_ftp with the command
>"modprobe ip_conntrack_ftp", ....and FTP works now!
>Additionally I found out that if I load the module "ip_nat_ftp", FTP works as well.
>
>Now I don't know which module I should add to the file 'iptables-config', only
>one of them or both, ip_nat_ftp and ip_conntrack_ftp?
>
>What are these modules for?
>
>
>Thanks very much for your help!
>Marcel Fritzenwallner
>
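
Added example, not part of the original post or of the kernel modules' code: a Python sketch of the two jobs described in the reply above. The first function extracts the data-connection endpoint that an FTP control line announces (what a connection-tracking helper has to learn), the second rewrites the announced address (what a NAT helper has to change). Function names, the sample lines and the address 203.0.113.7 are constructed for illustration.

```python
import re

# Six comma-separated byte values, as in "PORT h1,h2,h3,h4,p1,p2" and
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" (RFC 959).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def expected_data_endpoint(control_line):
    """Return (ip, port) announced on the control channel, or None.

    A tracking helper needs this to treat the upcoming data connection
    as related to the already-allowed control connection.
    """
    line = control_line.strip()
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed: every field is a single byte
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def rewrite_for_nat(control_line, public_ip):
    """Replace the announced address with public_ip, keeping the port.

    Shows only the payload rewrite; a real NAT helper may also remap
    the port and must adjust TCP sequence numbers when the length changes.
    """
    if expected_data_endpoint(control_line) is None:
        return control_line
    m = _HOSTPORT.search(control_line)
    new = ",".join(public_ip.split(".") + [m.group(5), m.group(6)])
    return control_line[:m.start()] + new + control_line[m.end():]

# Constructed sample control-channel lines (not captured traffic).
SAMPLES = [
    "227 Entering Passive Mode (192,168,1,10,195,80)",
    "PORT 10,0,0,5,4,1",
    "LIST",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", expected_data_endpoint(s),
              "|", rewrite_for_nat(s, "203.0.113.7"))
```

Without the tracking step, a firewall that only allows port 21 has no rule matching the announced data port, which fits the failing "ls" in the original question.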




