Bug 145242

Summary: Make "ftp" option enable ip_conntrac_ftp so passive ftp works
Product: [Fedora] Fedora Reporter: Kyrre Ness Sjøbæk <kyrsjo>
Component: system-config-securitylevelAssignee: Chris Lumens <clumens>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3CC: leon, pcfe, woodt
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-12-02 16:29:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 150221    

Description Kyrre Ness Sjøbæk 2005-01-15 21:11:58 UTC 
Description of problem:
When i check the "ftp" box in s-c-s, only active ftp works - and few
clients uses this by default. Result? Ftp appears to not work.

Reason is that in passive FTP, the server asks the client to connect
to a (random) high port when connection has been established. So
solution is to either enable this module, or open all (or at least a
range, and then specify that range in your ftpd config file) high ports.

Version-Release number of selected component (if applicable):


How reproducible:
Every time

Steps to Reproduce:
1.
2.
3.
  
Actual results:
Ftp seems to be "dead"

Expected results:
Ftp should work when checking the ftp box.

Additional info:

This was discussed on fedora-devel-list.

I would also guess that many just disable the firewall altogether.
Especially when behind a NAT HW router.
Comment 1 Chris Lumens 2005-03-02 21:20:25 UTC 
*** Bug 150142 has been marked as a duplicate of this bug. ***
Comment 2 Patrick C. F. Ernzer 2005-03-21 12:52:13 UTC 
Bug 151646 has the same request for RHEL 3
Comment 3 Leonid Kanter 2005-07-06 13:58:05 UTC 
This bug is present in RHEL4
Comment 4 Chris Lumens 2005-07-06 21:21:07 UTC 
We are looking at adding this feature to a new version of s-c-securitylevel for
FC5.  If you require it for a RHEL4 update as well, it will need to come through
Feature Tracker as this is going to be a little invasive.
Comment 5 Chris Lumens 2005-11-01 15:54:47 UTC 
Please try tomorrow's system-config-securitylevel package and let me know how it
works.  You should check the FTP box in the UI which will automatically enable
ip_conntrack_ftp and cause iptables to restart.
Comment 6 Kyrre Ness Sjøbæk 2005-11-20 19:48:29 UTC 
is this fixed on fc4 as well - i don't have any fc3 boxen aviable
Comment 7 Chris Lumens 2005-11-21 17:02:57 UTC 
This is fixed in the development packages in Rawhide.