Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 145242 - Make "ftp" option enable ip_conntrac_ftp so passive ftp works
Make "ftp" option enable ip_conntrac_ftp so passive ftp works
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Chris Lumens
: 150142 (view as bug list)
Depends On:
Blocks: FC5Target
  Show dependency treegraph
Reported: 2005-01-15 16:11 EST by Kyrre Ness Sjøbæk
Modified: 2007-11-30 17:10 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-12-02 11:29:23 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Kyrre Ness Sjøbæk 2005-01-15 16:11:58 EST
Description of problem:
When i check the "ftp" box in s-c-s, only active ftp works - and few
clients uses this by default. Result? Ftp appears to not work.

Reason is that in passive FTP, the server asks the client to connect
to a (random) high port when connection has been established. So
solution is to either enable this module, or open all (or at least a
range, and then specify that range in your ftpd config file) high ports.

Version-Release number of selected component (if applicable):

How reproducible:
Every time

Steps to Reproduce:
Actual results:
Ftp seems to be "dead"

Expected results:
Ftp should work when checking the ftp box.

Additional info:

This was discussed on fedora-devel-list.

I would also guess that many just disable the firewall altogether.
Especially when behind a NAT HW router.
Comment 1 Chris Lumens 2005-03-02 16:20:25 EST
*** Bug 150142 has been marked as a duplicate of this bug. ***
Comment 2 Patrick C. F. Ernzer 2005-03-21 07:52:13 EST
Bug 151646 has the same request for RHEL 3
Comment 3 Leonid Kanter 2005-07-06 09:58:05 EDT
This bug is present in RHEL4
Comment 4 Chris Lumens 2005-07-06 17:21:07 EDT
We are looking at adding this feature to a new version of s-c-securitylevel for
FC5.  If you require it for a RHEL4 update as well, it will need to come through
Feature Tracker as this is going to be a little invasive.
Comment 5 Chris Lumens 2005-11-01 10:54:47 EST
Please try tomorrow's system-config-securitylevel package and let me know how it
works.  You should check the FTP box in the UI which will automatically enable
ip_conntrack_ftp and cause iptables to restart.
Comment 6 Kyrre Ness Sjøbæk 2005-11-20 14:48:29 EST
is this fixed on fc4 as well - i don't have any fc3 boxen aviable
Comment 7 Chris Lumens 2005-11-21 12:02:57 EST
This is fixed in the development packages in Rawhide.

Note You need to log in before you can comment on or make changes to this bug.