Re: Security setting to prevent passive ftp?


 



On Sun, 24 Jul 2005, Jon August wrote:


Hmm - looks like that module fails to load. Is there a log that would explain why this failed? Thanks for the help!

'cause my fingers got ahead of my brain.  It's "ip_conntrack_ftp".

Sorry...


$ sudo /etc/rc.d/init.d/iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: iptables_conntrack_ftp[FAILED]

-Jon





On Jul 24, 2005, at 6:36 AM, Matthew Saltzman wrote:


On Sat, 23 Jul 2005, Jonathan August wrote:




The modprobe ip_conntrack_ftp doesn't return anything and it seems to still have an issue... Do I need to reboot or something?



You can tell if the modprobe had the desired effect by issuing lsmod.




Also, what do I add to /etc/sysconfig/iptables-config? There just seem to be a few things in there with YES or NO settings...



IPTABLES_MODULES="iptables_conntrack_ftp"

No need to reboot, but you could "/sbin/service iptables restart". Shouldn't be necessary after the modprobe, but the iptables-config entry only takes effect after restarting iptables.

Are you sure all appropriate ports (20 and 21) are open (on the server and through the firewall)? Is ncftpd configured correctly for passive access? (I don't know anything about configuring ncftpd. Just trying to think of things to check.)




??

Thanks,
-Jon



On Jul 23, 2005, at 10:12 AM, Matthew Saltzman wrote:



On Sat, 23 Jul 2005, Alexander Dalloz wrote:


On Sat, 23.07.2005, at 15:38, Jonathan August wrote:


For my users that use passive ftp, when they connect to ncftpd on my
server, the connection takes a long time and eventually for them as
dialup users, it times out.  If I try to ftp to the machine behind my
firewall and specify to use passive, as soon as I try anything that
sends data (ls, put, get), the connection gets dropped.  I turned off
SELinux, but this didn't help.  Any ideas?
    -Jon


modprobe ip_conntrack_ftp


And to make it permanent, add to /etc/sysconfig/iptables-config.


Alexander


--
        Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list








--
        Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs








--
		Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
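
The check discussed in this thread, as an added example that is not part of the original messages: a shell audit of the `IPTABLES_MODULES` entry that catches the mistyped helper name, plus a test for the module in `lsmod`-format text. The function names and the sample file are constructed for illustration; the expected module name is the one given in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit the FTP conntrack helper setup.
EXPECTED_MODULE="ip_conntrack_ftp"   # helper name as corrected in the thread

# Print the names listed in IPTABLES_MODULES, one per line.
# The last uncommented assignment wins, as when the file is sourced.
list_configured_modules() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 |
        tr -d "\"'" | tr -s ' \t' '\n' | sed '/^$/d'
}

# Exit status: 0 = helper listed, 1 = not listed, 2 = look-alike name listed.
check_ftp_helper() {
    cfg=$1
    mods=$(list_configured_modules "$cfg")
    if printf '%s\n' "$mods" | grep -qx "$EXPECTED_MODULE"; then
        echo "ok: $EXPECTED_MODULE is listed in $cfg"
        return 0
    fi
    # A name that contains conntrack_ftp but is not exact is almost surely a typo.
    near=$(printf '%s\n' "$mods" | grep 'conntrack_ftp' || true)
    if [ -n "$near" ]; then
        echo "typo: '$near' is listed, expected '$EXPECTED_MODULE'"
        return 2
    fi
    echo "missing: $EXPECTED_MODULE is not in IPTABLES_MODULES"
    return 1
}

# Read lsmod-format text on stdin; succeed if the helper is loaded.
# On a live system: lsmod | module_loaded
module_loaded() {
    awk -v m="$EXPECTED_MODULE" '$1 == m { found = 1 } END { exit !found }'
}

# Constructed sample: the entry exactly as first suggested in the thread.
sample=$(mktemp)
printf 'IPTABLES_MODULES="iptables_conntrack_ftp"\n' > "$sample"
check_ftp_helper "$sample" || true   # reports the typo, status 2
rm -f "$sample"
```

Pointing `check_ftp_helper` at `/etc/sysconfig/iptables-config` before restarting iptables shows the bad name without waiting for the `[FAILED]` line.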

