Description of problem:
If you want to run an FTP server on a different port, you have to tell the nf_conntrack_ftp module to track connections on that port. The iptables init script is not able to load a module with a parameter correctly.

Version-Release number of selected component (if applicable):
iptables-1.4.7-4.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Modify the /etc/sysconfig/iptables-config file, add the ports=9876 parameter to the nf_conntrack_ftp module. The line should look similar to this one:
   IPTABLES_MODULES="nf_conntrack_netbios_ns nf_conntrack_ftp ports=9876"
2. re/start iptables (service iptables restart)

Actual results:
# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: mangle nat filte[ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
iptables: Loading additional modules: nf_conntrack_netbios_[FAILED]nntrack_ftp ports=9876

Expected results:
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
iptables: Loading additional modules: nf_conntrack_netbios_[ OK ]nntrack_ftp
Please create a new conf file in /etc/modprobe.d and add the option for the module there:

/etc/modprobe.d/nf.conf
options nf_conntrack_ftp ports=9876

IPTABLES_MODULES only contains module names, please have a look at the documentation:

# Load additional iptables modules (nat helpers)
# Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.

Closing as not a bug.
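
The separation described in the reply above, as an added example (not part of this bug report or of the iptables package): a shell helper that splits an IPTABLES_MODULES value into the module names that belong in it and the `options` lines that belong in a file under /etc/modprobe.d. The function names are hypothetical, and the sample value is the one from the report.

```shell
#!/bin/sh
# Added example: lint an IPTABLES_MODULES value for misplaced module parameters.
# Function names are hypothetical; SAMPLE is the value quoted in the report.

SAMPLE='nf_conntrack_netbios_ns nf_conntrack_ftp ports=9876'

# split_modules "<value>": classify each space-separated token.
#   module <name>            a module name (valid in IPTABLES_MODULES)
#   options <name> <param>   a key=value token following module <name>
#   orphan <param>           a key=value token with no module before it
# Runs in a subshell so "set -f" (no globbing) and variables stay local.
split_modules() (
    set -f
    last=""
    for tok in $1; do
        case "$tok" in
            *=*)
                if [ -n "$last" ]; then
                    echo "options $last $tok"
                else
                    echo "orphan $tok"
                fi
                ;;
            *)
                echo "module $tok"
                last="$tok"
                ;;
        esac
    done
)

# clean_modules "<value>": the value with only module names kept.
clean_modules() {
    split_modules "$1" |
        awk '$1 == "module" { printf "%s%s", sep, $2; sep = " " } END { print "" }'
}

# modprobe_options "<value>": lines to place in a /etc/modprobe.d/*.conf file.
modprobe_options() {
    split_modules "$1" | awk '$1 == "options"'
}

echo "IPTABLES_MODULES=\"$(clean_modules "$SAMPLE")\""
modprobe_options "$SAMPLE"
```
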