On 08/23/18 06:47, ToddAndMargo wrote:
> Hi All,
>
> My iptables firewall ported from RHEL won't connect to ftp sites
> and throws this error (written by me years ago):
>
>
> WARNING: active FTP rules have been selected but one or
> more necessary modules have not been detected
>
> In /etc/sysconfig/iptables-config, you must add ip_nat_ftp
> and ip_conntrack_ftp to IPTABLES_MODULES. Delimiter is a
> space. For example:
> IPTABLES_MODULES=ip_nat_ftp ip_conntrack_ftp
>
> To load changes, use:
> # /etc/rc.d/init.d/iptables restart
> # systemctl restart iptables
>
> To check if modules are loaded, use
> lsmod
>
>
> 1) is Fedora doing FTP differently in iptables?
>
> 2) where do I find
> ip_nat_ftp
> ip_conntrack_ftp
> nowadays?
>

I can't locate my notes at the moment. But I believe the way things are done in the netfilter framework has changed.

If memory serves me the nf_conntrack_ipv4 will load, as needed, the necessary "helper".

I use the standard firewall and these modules are loaded.

xt_conntrack           16384  21
nf_conntrack_ipv6      16384  12
nf_defrag_ipv6         20480  1 nf_conntrack_ipv6
nf_conntrack_ipv4      16384  11
nf_defrag_ipv4         16384  1 nf_conntrack_ipv4
nf_conntrack          147456  6 xt_conntrack,nf_conntrack_ipv6,nf_conntrack_ipv4,nf_nat,nf_nat_ipv6,nf_nat_ipv4
libcrc32c              16384  2 nf_conntrack,nf_nat

and ftp works fine.

ip_nat_ftp does not exist on my system. But I do have nf_conntrack_ftp.

--
Conjecture is just a conclusion based on incomplete information. It isn't a fact.
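An added example, not part of the original message: a shell check that maps the old ip_* FTP helper names from the warning to their nf_* names and reports which ones appear in an lsmod listing. The function names are hypothetical, nf_nat_ftp is the kernel's current name for ip_nat_ftp (the thread does not mention it), and the second listing is constructed.

```sh
#!/bin/sh
# Added example: FTP helper check over lsmod-format text (names are hypothetical).

# Listing as posted in the reply above.
PAGE_LSMOD='xt_conntrack 16384 21
nf_conntrack_ipv6 16384 12
nf_defrag_ipv6 20480 1 nf_conntrack_ipv6
nf_conntrack_ipv4 16384 11
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
nf_conntrack 147456 6 xt_conntrack,nf_conntrack_ipv6,nf_conntrack_ipv4,nf_nat,nf_nat_ipv6,nf_nat_ipv4
libcrc32c 16384 2 nf_conntrack,nf_nat'

# Constructed sample with both FTP helpers loaded (sizes and counts made up).
WITH_HELPERS='nf_nat_ftp 16384 0
nf_conntrack_ftp 20480 1 nf_nat_ftp
nf_nat 36864 3 nf_nat_ftp,nf_nat_ipv6,nf_nat_ipv4
nf_conntrack 147456 7 nf_conntrack_ftp,xt_conntrack,nf_nat'

# Map a legacy ip_* helper name to the nf_* name it was renamed to.
modern_name() {
    case "$1" in
        ip_conntrack_ftp) echo nf_conntrack_ftp ;;
        ip_nat_ftp)       echo nf_nat_ftp ;;
        *)                echo "$1" ;;
    esac
}

# is_loaded MODULE LSMOD_TEXT: exact match on column 1 only, so nf_conntrack
# (or a "used by" entry) never counts as nf_conntrack_ftp. A helper built into
# the kernel does not show up in lsmod at all.
is_loaded() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# check_ftp_helpers LSMOD_TEXT MODULE...: one status line per module;
# returns 1 if any requested helper is missing from the listing.
check_ftp_helpers() {
    cfh_text=$1; shift; cfh_missing=0
    for cfh_want in "$@"; do
        cfh_name=$(modern_name "$cfh_want")
        if is_loaded "$cfh_name" "$cfh_text"; then
            echo "$cfh_want -> $cfh_name: loaded"
        else
            echo "$cfh_want -> $cfh_name: not loaded"; cfh_missing=1
        fi
    done
    return "$cfh_missing"
}

check_ftp_helpers "$PAGE_LSMOD" ip_conntrack_ftp ip_nat_ftp || true
check_ftp_helpers "$WITH_HELPERS" ip_conntrack_ftp ip_nat_ftp || true
```

On a live system the first argument would be `"$(lsmod)"` instead of one of the embedded listings.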