Red Hat Bugzilla – Bug 145242
Make "ftp" option enable ip_conntrac_ftp so passive ftp works
Last modified: 2007-11-30 17:10:58 EST
Description of problem:
When i check the "ftp" box in s-c-s, only active ftp works - and few
clients uses this by default. Result? Ftp appears to not work.
Reason is that in passive FTP, the server asks the client to connect
to a (random) high port when connection has been established. So
solution is to either enable this module, or open all (or at least a
range, and then specify that range in your ftpd config file) high ports.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Ftp seems to be "dead"
Ftp should work when checking the ftp box.
This was discussed on fedora-devel-list.
I would also guess that many just disable the firewall altogether.
Especially when behind a NAT HW router.
*** Bug 150142 has been marked as a duplicate of this bug. ***
Bug 151646 has the same request for RHEL 3
This bug is present in RHEL4
We are looking at adding this feature to a new version of s-c-securitylevel for
FC5. If you require it for a RHEL4 update as well, it will need to come through
Feature Tracker as this is going to be a little invasive.
Please try tomorrow's system-config-securitylevel package and let me know how it
works. You should check the FTP box in the UI which will automatically enable
ip_conntrack_ftp and cause iptables to restart.
is this fixed on fc4 as well - i don't have any fc3 boxen aviable
This is fixed in the development packages in Rawhide.