Description of problem: When i check the "ftp" box in s-c-s, only active ftp works - and few clients uses this by default. Result? Ftp appears to not work. Reason is that in passive FTP, the server asks the client to connect to a (random) high port when connection has been established. So solution is to either enable this module, or open all (or at least a range, and then specify that range in your ftpd config file) high ports. Version-Release number of selected component (if applicable): How reproducible: Every time Steps to Reproduce: 1. 2. 3. Actual results: Ftp seems to be "dead" Expected results: Ftp should work when checking the ftp box. Additional info: This was discussed on fedora-devel-list. I would also guess that many just disable the firewall altogether. Especially when behind a NAT HW router.
*** Bug 150142 has been marked as a duplicate of this bug. ***
Bug 151646 has the same request for RHEL 3
This bug is present in RHEL4
We are looking at adding this feature to a new version of s-c-securitylevel for FC5. If you require it for a RHEL4 update as well, it will need to come through Feature Tracker as this is going to be a little invasive.
Please try tomorrow's system-config-securitylevel package and let me know how it works. You should check the FTP box in the UI which will automatically enable ip_conntrack_ftp and cause iptables to restart.
is this fixed on fc4 as well - i don't have any fc3 boxen aviable
This is fixed in the development packages in Rawhide.