Basically, ip_conntack_ftp enables your firewall to identify packets relating to ftp, and ip_nat_ftp modifies ftp packets for computers behind a firewall running nat. ip_nat_ftp requires ip_conntrack_ftp to be loaded, so it loads that module automatically for you. Thats why loading either of them works for you. It looks as if you should be able to just load ip_conntrack_ftp to get everything to work, and ignore ip_nat_ftp. I hope this helps a bit. --James Cooley linux@xxxxxxxxxxxxxxxxxx wrote: >Hi! > >I'm working on a RHEL WS3, Taroon Update 5 and have the following problem: >I installed the ftp-server "vsftpd-2.0.3" as a xinetd based services and would >like to get it working. >I opened the firewall on FTP using redhat-config-securitylevel. Then I could >connect to my machine but "ls" didn't work (No route to host). > >Then I googled a little and found out that it might be needed to load an >additional module which can be added to the file /etc/sysconfig/iptables-config. >So I loaded from the command prompt the module ip_conntrack_ftp with the command >"modprobe ip_conntrack_ftp", ....and FTP works now! >Additionaly I found out that if I load the module "ip_nat_ftp", FTP works as well. > >Now I don't know which module I should add to the file 'iptables-config', only >one of them or both, ip_nat_ftp and ip_conntrack_ftp? > >What are these modules for? > > >Thanks very much for your help! >Marcel Fritzenwallner > > > > > > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
