On Sun, 3 Apr 2005, Markku Kolkka wrote:
Justin Zygmont kirjoitti viestissään (lähetysaika sunnuntai, 3. huhtikuuta 2005 00:33):are you sure ftp_conntrack is even needed? I thought that's usually used just for stateful routing through a server, and not to connect to one from the outside.
No, that's a different module: ip_nat_ftp. The ip_conntrack_ftp module is required for the ESTABLISHED,RELATED rule to work for incoming FTP connections.
I don't see how that can be, because when I stop iptables it also unloads ftp_conntrack, and even ip_conntrack. I can get a ftp listing with iptables is off and those modules unloaded. here's what I have loaded, and it works until I restart iptables.
Module Size Used by
nfsd 184033 2 exportfs 7745 1 nfsd
lockd 58089 2 nfsd
md5 4033 1 ipv6 231425 20 i2c_dev 10433 0 i2c_core 20801 1 i2c_dev
sunrpc 156197 19 nfsd,lockd
dm_mod 55509 0 8139too 26433 0 mii 4673 1 8139too
tulip 48353 0 floppy 57841 0 ext3 116169 2 jbd 69849 1 ext3
