Debian 2.6.8/bridge/iptables/passive ftp

All of lore.kernel.org
 help / color / mirror / Atom feed

From: spaminator@web.de
To: netfilter@lists.netfilter.org
Subject: Debian 2.6.8/bridge/iptables/passive ftp
Date: Wed, 04 Apr 2007 12:18:06 +0200	[thread overview]
Message-ID: <361462969@web.de> (raw)

Hi out there,

thanks for your replies.

@Ray
I already stumbled over http://slacksite.com/other/ftp.html and built my ruleset accordingly. As far as I understand you should be able to cater just for passive ftp.

@Arnd-Hendrik
I am not opening the high ports on the ftp server box. The (passive) ftp client sends the first request from a highport to port 21 on the server box. Have a look at the diagrams at slacksite. Which helper module do you refer to?

@Martijn
Your hint pointing to ip_conntrack_ftp lead to the solution. lsmod showed me that the module had not been loaded. After loading my ruleset worked and the clients could ftp properly.

Rebooting the bridge box left me again with an unloaded ip_conntrack_ftp. So I made an entry in /etc/modules which caters for the module to be loaded on (re)boot. Strange thing that, because other modules related to iptables are being loaded automatically, although they are not compiled into the kernel too. Are there other "surprise"-modules that have to be loaded via /etc/modules?

cu
Jo

_______________________________________________________________
SMS schreiben mit WEB.DE FreeMail - einfach, schnell und
kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192

next             reply	other threads:[~2007-04-04 10:18 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-04-04 10:18 spaminator [this message]
2007-04-04 10:29 ` Debian 2.6.8/bridge/iptables/passive ftp Jan Engelhardt
2007-04-04 17:37 ` Martijn Lievaart
2007-04-04 17:44 ` Pascal Hambourg
  -- strict thread matches above, loose matches on Subject: below --
2007-03-30 12:15 spaminator
2007-03-30 14:56 ` Ray Leach
2007-03-31  8:10 ` Martijn Lievaart
2007-03-31 13:41 ` Arnd-Hendrik Mathias

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=361462969@web.de \
    --to=spaminator@web.de \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.