Re: Firewall config and ftp server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Rick Stevens wrote: 
On 03/11/2010 08:17 AM, Edward. S. P. Leong wrote:
  
Rick Stevens wrote:
    
On 03/09/2010 07:47 PM, NoSpaze wrote:

      
Am Dienstag, den 09.03.2010, 23:09 +0800 schrieb Edward. S. P. Leong:

        
NoSpaze wrote:

          
# modprobe ip_tables
FATAL: Module ip_tables not found.

            
Again: this module does not exist! Maybe ip_nat or nf_nat?

        
To clarify, several kernels ago the IPV4 iptables was defaulted to being
built into the kernel so it doesn't need a modprobe or insmod.  Ditto
with the IPV4 conntrack (snippet of the default kernel config file):

CONFIG_NF_DEFRAG_IPV4=y<<<---- Built into kernel
CONFIG_NF_CONNTRACK_IPV4=y<<<---- Built into kernel
# CONFIG_NF_CONNTRACK_PROC_COMPAT is not set
CONFIG_IP_NF_QUEUE=m<<<---- Module
CONFIG_IP_NF_IPTABLES=y<<<---- Built into kernel

So remove those items from your /etc/modprobe.conf file.  It is also not
necessary to modprobe things like the NAT module and such...if
there are rules in your iptables config that require them, they'll
be drug in by iptables itself.  The "modprobe"able modules can be
found by doing a

	ls /lib/modules/`uname -r`/kernel/net/ipv4/netfilter

      
Hello to you,

Would you mind to tell me how to apply the following iptables module
into FC11 System ?

ip_nat_ftp
ip_conntrack_ftp
    

You should just write the rules you need.  The kernel should be set up
to autoload the modules it needs to support your rules.  If you're in
doubt, use the "-m modulename" option in the rule, e.g.

	... -m nf_nat_ftp -s 10.1.0.0/24 ....
Hello,

I just tried the following cli in server side :

[root@host1 ~]# iptables -A INPUT -i eth1 -p tcp --dport 21 -m nf_nat_ftp -s 192.168.1.0/24 -d 192.168.1.254 -j ACCEPT
iptables v1.4.3.1: Couldn't load match `nf_nat_ftp':/lib/xtables/libipt_nf_nat_ftp.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
[root@host1 ~]#

Is there any solution for it ?

Thanks !

Edward.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux