Re: 2.6.20 and IP_CONNTRACK_FTP

To: debian-user@lists.debian.org
Subject: Re: 2.6.20 and IP_CONNTRACK_FTP
From: Michael Pobega <pobega@gmail.com>
Date: Thu, 22 Feb 2007 09:34:15 -0500
Message-id: <[🔎] 20070222093415.0c615238.pobega@gmail.com>
In-reply-to: <[🔎] 200702221555.31114.d_baron@012.net.il>
References: <[🔎] 200702221555.31114.d_baron@012.net.il>

On Thu, 22 Feb 2007 15:55:30 +0200
David Baron <d_baron@012.net.il> wrote:

> Compiled it taking all the defaults on new features. It boots just fine but 
> has fatal ip_tables errors over and over missing this item. Cannot connect to 
> internet.
> 
> Any ideas? Do I need this and why?
> 
> Google had something about setting: modprobe ip_conntrack_ftp ports=21,2121 if 
> compiled as a module. So I set the previously unset constant=m and am 
> recompiling. Where would I specify the modprobe arguments?
> 
> 

Can't you just add the command into your iptables startup script? I mean, as far as I know your should should just be shell commands. I know mine has it in it, not exactly the same but:

#!/bin/sh
#set policy on input chain in default (filter) table to drop
iptables -P INPUT DROP 
#flush input chain
iptables -F INPUT
#load the ftp connection tracker module (otherwise active mode ftp won't work)
modprobe ip_conntrack_ftp
#accept traffic from established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#allow automatic wireless connection
iptables -A INPUT -i lo -j ACCEPT
#accept traffic for our webserver
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
#accept traffic for zsnes
iptables -A INPUT -p tcp --dport 7845 -j ACCEPT

Reply to:

References:
- 2.6.20 and IP_CONNTRACK_FTP
  - From: David Baron <d_baron@012.net.il>

Prev by Date: 2.6.20 and IP_CONNTRACK_FTP
Next by Date: Re: avidemux, ffmpeg and lavc
Previous by thread: 2.6.20 and IP_CONNTRACK_FTP
Next by thread: Re: 2.6.20 and IP_CONNTRACK_FTP
Index(es):
- Date
- Thread