
Re: 2.6.20 and IP_CONNTRACK_FTP



On Thursday 22 February 2007, debian-user-digest-request@lists.debian.org 
wrote:
> David Baron <d_baron@012.net.il> wrote:
> > Compiled it taking all the defaults on new features. It boots just fine
> > but has fatal ip_tables errors over and over missing this item. Cannot
> > connect to internet.
> >
> > Any ideas? Do I need this and why?
> >
> > Google had something about setting: modprobe ip_conntrack_ftp
> > ports=21,2121 if compiled as a module. So I set the previously unset
> > constant=m and am recompiling. Where would I specify the modprobe
> > arguments?
>
> Can't you just add the command into your iptables startup script? I mean,
> as far as I know yours should just be shell commands. I know mine has it
> in it, not exactly the same but:
>
> #!/bin/sh
> #set policy on input chain in default (filter) table to drop
> iptables -P INPUT DROP
> #flush input chain
> iptables -F INPUT
> #load the ftp connection tracker module (otherwise active mode ftp won't work)
> modprobe ip_conntrack_ftp
> #accept traffic from established and related connections
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> #allow automatic wireless connection
> iptables -A INPUT -i lo -j ACCEPT
> #accept traffic for our webserver
> iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
> #accept traffic for zsnes
> iptables -A INPUT -p tcp --dport 7845 -j ACCEPT

My iptables init.d script has NO modprobe at all.
I found a modprobe for this module in /etc/rc.firewall and /etc/rc.firewall~ 
which relates to guarddog.

I can append the ports= there and see what happens on a 2.6.18 reboot and a
2.6.20 reboot. Might need to test uname -r for 2.6.20?

iptables and related stuff seem to be touched/loaded several times during
bootup, followed by guarddog itself.