Bug 145242 - Make "ftp" option enable ip_conntrac_ftp so passive ftp works
Summary: Make "ftp" option enable ip_conntrac_ftp so passive ftp works
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel (Show other bugs)
(Show other bugs)
Version: 3
Hardware: All Linux
Target Milestone: ---
Assignee: Chris Lumens
QA Contact:
: 150142 (view as bug list)
Depends On:
Blocks: FC5Target
TreeView+ depends on / blocked
Reported: 2005-01-15 21:11 UTC by Kyrre Ness Sjøbæk
Modified: 2007-11-30 22:10 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-12-02 16:29:23 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Kyrre Ness Sjøbæk 2005-01-15 21:11:58 UTC
Description of problem:
When i check the "ftp" box in s-c-s, only active ftp works - and few
clients uses this by default. Result? Ftp appears to not work.

Reason is that in passive FTP, the server asks the client to connect
to a (random) high port when connection has been established. So
solution is to either enable this module, or open all (or at least a
range, and then specify that range in your ftpd config file) high ports.

Version-Release number of selected component (if applicable):

How reproducible:
Every time

Steps to Reproduce:
Actual results:
Ftp seems to be "dead"

Expected results:
Ftp should work when checking the ftp box.

Additional info:

This was discussed on fedora-devel-list.

I would also guess that many just disable the firewall altogether.
Especially when behind a NAT HW router.

Comment 1 Chris Lumens 2005-03-02 21:20:25 UTC
*** Bug 150142 has been marked as a duplicate of this bug. ***

Comment 2 Patrick C. F. Ernzer 2005-03-21 12:52:13 UTC
Bug 151646 has the same request for RHEL 3

Comment 3 Leonid Kanter 2005-07-06 13:58:05 UTC
This bug is present in RHEL4

Comment 4 Chris Lumens 2005-07-06 21:21:07 UTC
We are looking at adding this feature to a new version of s-c-securitylevel for
FC5.  If you require it for a RHEL4 update as well, it will need to come through
Feature Tracker as this is going to be a little invasive.

Comment 5 Chris Lumens 2005-11-01 15:54:47 UTC
Please try tomorrow's system-config-securitylevel package and let me know how it
works.  You should check the FTP box in the UI which will automatically enable
ip_conntrack_ftp and cause iptables to restart.

Comment 6 Kyrre Ness Sjøbæk 2005-11-20 19:48:29 UTC
is this fixed on fc4 as well - i don't have any fc3 boxen aviable

Comment 7 Chris Lumens 2005-11-21 17:02:57 UTC
This is fixed in the development packages in Rawhide.

Note You need to log in before you can comment on or make changes to this bug.