Bug 145242 - Make "ftp" option enable ip_conntrack_ftp so passive ftp works
Summary: Make "ftp" option enable ip_conntrack_ftp so passive ftp works
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel
Version: 3
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Chris Lumens
Duplicates: 150142
Blocks: FC5Target

Reported: 2005-01-15 21:11 UTC by Kyrre Ness Sjøbæk
Modified: 2007-11-30 22:10 UTC (History)
Doc Type: Bug Fix
Last Closed: 2005-12-02 16:29:23 UTC

Description Kyrre Ness Sjøbæk 2005-01-15 21:11:58 UTC
Description of problem:
When I check the "ftp" box in s-c-s, only active FTP works - and few
clients use this by default. Result? FTP appears to not work.

The reason is that in passive FTP, the server asks the client to connect
to a (random) high port when the connection has been established. So the
solution is to either enable this module, or open all (or at least a
range, and then specify that range in your ftpd config file) high ports.

How reproducible:
Every time

Actual results:
Ftp seems to be "dead"

Expected results:
Ftp should work when checking the ftp box.

Additional info:

This was discussed on fedora-devel-list.

I would also guess that many just disable the firewall altogether.
Especially when behind a NAT HW router.
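
The behaviour described in this report, as an added example that is not part of the bug report or of system-config-securitylevel: a simplified Python model of what an FTP connection-tracking helper such as ip_conntrack_ftp does for passive mode, reading the server's 227 reply and allowing only the one announced data connection. The class, function names and addresses are constructed for illustration.

```python
import re

# Simplified model of an FTP connection-tracking helper (not kernel code).
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None if malformed."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class StatefulFirewall:
    """Server-side firewall: port 21 open, anything else needs an expectation."""

    def __init__(self, server_ip):
        self.server_ip = server_ip
        self.expected = set()  # (client_ip, server_port) pairs treated as RELATED

    def inspect_control_reply(self, client_ip, reply):
        """Helper hook: watch server replies on the control connection."""
        parsed = parse_pasv(reply)
        # Only trust announcements that point back at the server itself.
        if parsed and parsed[0] == self.server_ip:
            self.expected.add((client_ip, parsed[1]))

    def accept_new(self, client_ip, dport):
        """Decide whether a new inbound TCP connection is allowed."""
        if dport == 21:
            return True
        if (client_ip, dport) in self.expected:
            self.expected.discard((client_ip, dport))  # one-shot expectation
            return True
        return False


def demo(helper_loaded):
    # Constructed sample traffic; addresses are from documentation ranges.
    fw = StatefulFirewall("192.0.2.10")
    client, reply = "198.51.100.7", "227 Entering Passive Mode (192,0,2,10,195,80)"
    fw.accept_new(client, 21)  # control connection is always allowed
    if helper_loaded:
        fw.inspect_control_reply(client, reply)
    return fw.accept_new(client, 195 * 256 + 80)  # data connection attempt
```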

Comment 1 Chris Lumens 2005-03-02 21:20:25 UTC
*** Bug 150142 has been marked as a duplicate of this bug. ***

Comment 2 Patrick C. F. Ernzer 2005-03-21 12:52:13 UTC
Bug 151646 has the same request for RHEL 3

Comment 3 Leonid Kanter 2005-07-06 13:58:05 UTC
This bug is present in RHEL4

Comment 4 Chris Lumens 2005-07-06 21:21:07 UTC
We are looking at adding this feature to a new version of s-c-securitylevel for
FC5.  If you require it for a RHEL4 update as well, it will need to come through
Feature Tracker as this is going to be a little invasive.

Comment 5 Chris Lumens 2005-11-01 15:54:47 UTC
Please try tomorrow's system-config-securitylevel package and let me know how it
works.  You should check the FTP box in the UI which will automatically enable
ip_conntrack_ftp and cause iptables to restart.

Comment 6 Kyrre Ness Sjøbæk 2005-11-20 19:48:29 UTC
Is this fixed on FC4 as well? I don't have any FC3 boxen available.

Comment 7 Chris Lumens 2005-11-21 17:02:57 UTC
This is fixed in the development packages in Rawhide.

