Bug 761544

Summary: Loading module with parameter failed
Product: Red Hat Enterprise Linux 6 Reporter: Branislav Náter <bnater>
Component: iptables Assignee: iptables-maint-list <iptables-maint-list>
Status: CLOSED NOTABUG QA Contact: qe-baseos-daemons
Severity: low Docs Contact:
Priority: low    
Version: 6.2 CC: twoerner
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-13 15:10:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Branislav Náter 2011-12-08 15:14:40 UTC
Description of problem:
If you want to run an FTP server on a different port, you have to tell the nf_conntrack_ftp module to track connections on that port. The iptables init script is not able to load a module with a parameter correctly.

Version-Release number of selected component (if applicable):
iptables-1.4.7-4.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Modify the /etc/sysconfig/iptables-config file and add the ports=9876 parameter to the nf_conntrack_ftp module. The line should look similar to this one:
IPTABLES_MODULES="nf_conntrack_netbios_ns nf_conntrack_ftp ports=9876"
2. Re/start iptables (service iptables restart)
  
Actual results:
# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: mangle nat filte[  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
iptables: Loading additional modules: nf_conntrack_netbios_[FAILED]nntrack_ftp ports=9876

Expected results:
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
iptables: Loading additional modules: nf_conntrack_netbios_[  OK  ]nntrack_ftp

Comment 2 Thomas Woerner 2011-12-13 15:10:51 UTC
Please create a new conf file in /etc/modprobe.d and add the option for the module there:

/etc/modprobe.d/nf.conf
options nf_conntrack_ftp ports=9876

IPTABLES_MODULES only contains module names; please have a look at the documentation:

# Load additional iptables modules (nat helpers)
#   Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.

Closing as not a bug.
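
An added example (not part of the original report or of the iptables package): a POSIX shell helper that splits an IPTABLES_MODULES value like the one in the steps to reproduce into a names-only module list and the matching `options` lines for a file under /etc/modprobe.d. The function names are hypothetical, and attaching each name=value token to the module name before it is an assumption about what the writer of such a line intended.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the iptables package.

# Print the last IPTABLES_MODULES="..." value found in an iptables-config file.
read_iptables_modules() {
    sed -n 's/^IPTABLES_MODULES="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Split a value into a names-only IPTABLES_MODULES line plus one modprobe.d
# "options" line per module. A name=value token belongs to the module name
# before it. Runs in a subshell so set -f and the variables stay local.
split_iptables_modules() (
    set -f                      # no glob expansion while word-splitting $1
    modules="" opts="" last="" out=""
    for tok in $1; do
        case "$tok" in
            *=*)
                [ -n "$last" ] || {
                    echo "option '$tok' has no module name before it" >&2
                    exit 1
                }
                opts="$opts $tok"
                ;;
            *)
                # New module name: flush options collected for the previous one.
                [ -z "$opts" ] || out="${out}options $last$opts
"
                opts=""
                last=$tok
                modules="${modules:+$modules }$tok"
                ;;
        esac
    done
    [ -z "$opts" ] || out="${out}options $last$opts
"
    printf 'IPTABLES_MODULES="%s"\n%s' "$modules" "$out"
)

# Value from the steps to reproduce in this report.
split_iptables_modules "nf_conntrack_netbios_ns nf_conntrack_ftp ports=9876"
```

The first output line goes back into /etc/sysconfig/iptables-config and the `options` lines go into a file such as /etc/modprobe.d/nf.conf, as comment 2 describes.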