> On Sat, 2005-02-19 at 12:46 +0100, Bart Westra wrote:
> > After upgrading to iptables-1.2.8-8.90.1.legacy for Red Hat 9, I have found that ip_conntrack_ftp is not working on some interfaces of my system (it has 4 physical interfaces). It no longer recognizes the data sessions associated with an ftp control session. When I open the high ports in iptables, the data session will work.
>
> With the new iptables package, you have to manually add "ip_conntrack_ftp" to the IPTABLES_MODULES="" variable in the /etc/sysconfig/iptables-config file and uncomment the line.
>
> Please try that and report back here if it worked so we can close the bug.
Umm.. that shouldn't be needed -- the whole point is that the modules are loaded properly? (Of course, it can be tried...)
But that said, something _is_ wrong. I started hearing weird reports from our multi-interface RHL9-based firewall as well, and I couldn't associate them until now.
It would be interesting to know whether conntrack_ftp is:
 - automatically loaded or not
 - actually loaded when conntracking fails
 - whether conntracking works on some interfaces and not in others
-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
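The first two of those questions, together with the config change suggested in the earlier reply (the IPTABLES_MODULES line in /etc/sysconfig/iptables-config), can be checked from a shell. The script below is an added example and is not part of the thread or of the Fedora Legacy package; it takes the config file and the /proc/modules snapshot as parameters, assumes the 2.4-kernel /proc/modules layout (module name in the first column), and runs against constructed sample files so it can be tried offline. Whether conntracking works per interface (the third question) needs live traffic and is not covered here.

```shell
#!/bin/sh
# Added example (not from the thread): check whether an iptables helper module
# such as ip_conntrack_ftp is (a) listed in IPTABLES_MODULES in the RHL9
# iptables-config file and (b) actually loaded according to /proc/modules.
# On a live box: diagnose /etc/sysconfig/iptables-config /proc/modules ip_conntrack_ftp

# module_configured CONFIGFILE MODULE -> 0 if MODULE appears in an
# uncommented IPTABLES_MODULES="..." line (last such line wins, as in sh).
module_configured() {
    cfg="$1"; mod="$2"
    mods=$(sed -n 's/^[[:space:]]*IPTABLES_MODULES="\(.*\)"/\1/p' "$cfg" | tail -n 1)
    for m in $mods; do
        [ "$m" = "$mod" ] && return 0
    done
    return 1
}

# module_loaded PROCMODULES MODULE -> 0 if MODULE is the first column of a line.
module_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit found ? 0 : 1 }' "$1"
}

# enable_module CONFIGFILE MODULE: append MODULE to IPTABLES_MODULES,
# uncommenting the line if it is still commented out; adds the line if absent.
enable_module() {
    cfg="$1"; mod="$2"
    module_configured "$cfg" "$mod" && return 0
    current=$(sed -n 's/^[[:space:]]*#*[[:space:]]*IPTABLES_MODULES="\(.*\)"/\1/p' "$cfg" | tail -n 1)
    if [ -n "$current" ]; then new="$current $mod"; else new="$mod"; fi
    if grep -q '^[[:space:]]*#*[[:space:]]*IPTABLES_MODULES=' "$cfg"; then
        sed "s/^[[:space:]]*#*[[:space:]]*IPTABLES_MODULES=.*/IPTABLES_MODULES=\"$new\"/" \
            "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
    else
        printf 'IPTABLES_MODULES="%s"\n' "$new" >> "$cfg"
    fi
}

# diagnose CONFIGFILE PROCMODULES MODULE: one-line verdict, return code
# 0 = configured and loaded, 1 = configured but not loaded (init script did
# not load it), 2 = loaded but not configured (loaded some other way),
# 3 = neither configured nor loaded.
diagnose() {
    cfg="$1"; procmod="$2"; mod="$3"
    c=0; l=0
    module_configured "$cfg" "$mod" && c=1
    module_loaded "$procmod" "$mod" && l=1
    case "$c$l" in
        11) echo "$mod: configured and loaded"; return 0 ;;
        10) echo "$mod: configured but NOT loaded"; return 1 ;;
        01) echo "$mod: loaded but not in IPTABLES_MODULES"; return 2 ;;
        *)  echo "$mod: neither configured nor loaded"; return 3 ;;
    esac
}

# make_samples DIR: write constructed sample files (not captured from a real
# host): an iptables-config with the IPTABLES_MODULES line still commented
# out, and a /proc/modules snapshot with the ftp helper absent.
make_samples() {
    dir="$1"
    cat > "$dir/iptables-config" <<'EOF'
# Load additional iptables modules (nat helpers)
#   Default: -none-
# Space separated list of nat helpers (e.g. ip_nat_ftp ip_nat_irc)
#IPTABLES_MODULES=""
EOF
    cat > "$dir/modules" <<'EOF'
ip_conntrack           26608   1 [ipt_state]
ipt_state               1048   4 (autoclean)
iptable_filter          2412   1 (autoclean)
ip_tables              14936   2 [ipt_state iptable_filter]
EOF
}

# Stand-alone demonstration on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
diagnose "$demo_dir/iptables-config" "$demo_dir/modules" ip_conntrack_ftp || true
enable_module "$demo_dir/iptables-config" ip_conntrack_ftp
grep '^IPTABLES_MODULES=' "$demo_dir/iptables-config"
diagnose "$demo_dir/iptables-config" "$demo_dir/modules" ip_conntrack_ftp || true
rm -rf "$demo_dir"
```

A return code of 1 after the config change is the interesting case for this thread: the helper is listed but the init script did not load it, which points at the package rather than at the configuration. Return code 2 shows up when the module was loaded by hand or by another script, which would mask the problem until the next reboot.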
-- 
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list