Bug 111228
| Summary: | When trying to allow port 20 through firewall to support ftp server, it is not honored, thus not allowing clients important ftp functionality. | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Joe Dumais <jjejdumais> |
| Component: | iptables | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED NOTABUG | Severity: | medium |
| Priority: | medium | Version: | 1 |
| CC: | gedetil | Keywords: | Security |
| Hardware: | i586 | OS: | Linux |
| Doc Type: | Bug Fix | Last Closed: | 2003-12-03 11:34:28 UTC |
Description
Joe Dumais
2003-12-01 00:25:27 UTC
You have to add ip_nat_ftp to IPTABLES_MODULES in /etc/sysconfig/iptables-config or you have to use active ftp data transfer mode in the ftp client. Please have a look at the ftp man page.

I believe that should be the ip_conntrack_ftp module, if you're only interested in connection tracking and not using NAT. By the way, that's not in the ftp man page, nor is it in the vsftpd or vsftpd.conf man pages. The only place I found this described was on mailing list archives, after doing lots of web searches. This really needs to be better documented.

Furthermore, when you select FTP as part of the firewall configuration in the anaconda setup, it should add the appropriate module(s) to IPTABLES_MODULES for you. (Likewise for other services requiring tracking modules.)
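An added example, not part of the bug report or of Fedora's tooling: a small audit script for the configuration discussed in the comments above. It checks that one of the two modules named there is listed in IPTABLES_MODULES and that the saved ruleset accepts RELATED traffic, which is how helper-tracked FTP data connections get through. The function names, the sample files and the assumption that either module name counts as the helper being configured are illustrative.

```shell
#!/bin/sh
# Added example: audit whether the FTP connection-tracking helper is configured.
# Function names are hypothetical; the sample files below are constructed.

# Print the FTP helper modules listed in IPTABLES_MODULES of the given
# iptables-config file (parsed as text, never sourced).
ftp_helpers_in_config() {
    mods=$(sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'")
    found=""
    for m in $mods; do
        case "$m" in
            ip_conntrack_ftp|ip_nat_ftp) found="${found:+$found }$m" ;;
        esac
    done
    printf '%s\n' "$found"
}

# Succeed if the saved ruleset has an ACCEPT rule whose state match includes RELATED.
accepts_related() {
    grep -Eq -- '^-A .*--state [A-Z,]*RELATED[A-Z,]* .*-j ACCEPT' "$1"
}

# Combine both checks into one verdict string.
check_ftp_firewall() {
    helpers=$(ftp_helpers_in_config "$1")
    if [ -z "$helpers" ]; then
        echo "FAIL: no FTP helper in IPTABLES_MODULES"
    elif ! accepts_related "$2"; then
        echo "FAIL: helper listed ($helpers) but no RELATED accept rule"
    else
        echo "OK: $helpers"
    fi
}

# Constructed sample files: config before and after the change, plus a ruleset.
demo_dir=$(mktemp -d)
printf 'IPTABLES_MODULES=""\n' > "$demo_dir/config.before"
printf 'IPTABLES_MODULES="ip_conntrack_ftp"\n' > "$demo_dir/config.after"
cat > "$demo_dir/rules" <<'EOF'
*filter
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 21 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
check_ftp_firewall "$demo_dir/config.before" "$demo_dir/rules"
check_ftp_firewall "$demo_dir/config.after" "$demo_dir/rules"
```

On a real host the two arguments would be /etc/sysconfig/iptables-config and the saved rules file; the sample ruleset opens only port 21 and relies on the helper rather than a standing rule for the data port.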