Re: FTP active getting blocked [solved]
On Wed, Feb 19, 2003 at 04:39:57AM -0800, Paul Johnson wrote:
> On Wed, Feb 19, 2003 at 03:02:33PM +1300, Richard Hector wrote:
> > Should that (ip_conntrack_ftp) work for a non-NAT filter as well?
> >
> > Or is there some other trick for that?
>
> I don't imagine it would, but then again, I've never tried it so I
> don't know firsthand. Care to try it and post the results?

I tried it briefly - that is, I used modconf to install ip_conntrack_ftp.
It didn't work (still logged dropped packets when I tried to ls).

Then I read something that suggested to me that maybe this module just
updates a table, and I need extra iptables rules to allow related
traffic.

The combination of the hassle of reading about and doing this, and the
other article I read on 2.4/ftp vulnerabilities, and the fact that I
actually don't use ftp very much, made me decide it wasn't worthwhile
going further (at the moment, anyway).

Richard
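
The "extra iptables rules to allow related traffic" mentioned in the message above, sketched as an added example that is not part of the original thread. It assumes a non-NAT host filtering its own INPUT/OUTPUT chains with the 2.4-era `state` match; the function name `ftp_active_rules` and the `RUN` dry-run variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): stateful rules for active FTP
# from this host, without NAT.
# Dry run: RUN=echo prints each command instead of executing it.

ftp_active_rules() {
    # Helper module named in the thread. It parses the FTP control
    # channel and records an "expectation" for the data connection.
    ${RUN:-} modprobe ip_conntrack_ftp

    # Packets belonging to connections that are already tracked.
    ${RUN:-} iptables -A INPUT  -m state --state ESTABLISHED -j ACCEPT
    ${RUN:-} iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT

    # Outbound control connection to the FTP server.
    ${RUN:-} iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT

    # Active mode: the server connects back to the port sent in PORT.
    # The module alone only updates the tracking table; this rule is
    # what lets the expected connection in, as RELATED instead of NEW.
    ${RUN:-} iptables -A INPUT -p tcp -m state --state RELATED -j ACCEPT
}

# Apply only when asked to (needs root): sh thisfile.sh apply
if [ "${1:-}" = "apply" ]; then
    ftp_active_rules
fi
```

On current kernels the module is named nf_conntrack_ftp, and the helper has to be attached to the control connection explicitly (for example with the raw table's CT target) before RELATED will match.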