anywhere
so we try to limit the access just to a few accepted services. We are
loading the ip_conntrack_ftp and ip_nat_ftp modules:
# lsmod
Module Size Used byNot tainted
ipt_state 1080 1 (autoclean)
cls_u32 6332 2 (autoclean)
sch_cbq
Chris you got it!
[root@pickles etc]# cat /etc/rc.modules
/sbin/modprobe ip_conntrack_ftp ports=21,6969
now I can run an FTP server on port 6969 and have it properly work with
ip_conntrack
Thanks,
Tommy
On Sun, 2003-01-05 at 15:41, Chris Kloiber wrote:
> On Sun, 2003-01-05 at 15:40, To
specifying the options in /etc/modules.conf work for me? .. i see
> > something about /etc/rc.modules in the /etc/rc.sysinit ?? or is there
> > something like /etc/modules.autoload ??
>
> For some reason, ip_conntrack_ftp doesn't load itself automatically. You
> can make
t; case "$1" in
> start)
> start
> insmod ip_conntrack_irc
> insmod ip_conntrack_ftp
> insmod ip_nat_ftp
> ;;
>
> stop)
> stop
> rmmod ip_conntrack_irc
> rmmod ip_conntrack_ftp
> rmmod i
/etc/rc.modules in the /etc/rc.sysinit ?? or is there
> something like /etc/modules.autoload ??
For some reason, ip_conntrack_ftp doesn't load itself automatically. You
can make an /etc/rc.modules that contains "modprobe ip_conntrack_ftp" if
you wish (make sure it's executabl
;$1" in
start)
start
insmod ip_conntrack_irc
insmod ip_conntrack_ftp
insmod ip_nat_ftp
;;
stop)
stop
rmmod ip_conntrack_irc
rmmod ip_conntrack_ftp
rmmod ip_nat_ftp
;;
restart)
# "restart" is reall
ing like /etc/modules.autoload ??
> =>
> =>Tommy
>
> How about something like this:
>
> add above ip_tables iptable_filter iptable_mangle iptable_nat ip_conntrack
>ipt_state ipt_unclean ipt_LOG ipt_limit
> add above ip_conntrack ip_conntrack_ftp ip_conntrack_irc
&g
odules in the /etc/rc.sysinit ?? or is there
=>something like /etc/modules.autoload ??
=>
=>Tommy
How about something like this:
add above ip_tables iptable_filter iptable_mangle iptable_nat ip_conntrack
ipt_state ipt_unclean ipt_LOG ipt_limit
add above ip_conntrack ip_conntrack_ftp
/modules.autoload ??
Tommy
On Sun, 2003-01-05 at 00:29, djh wrote:
> On Sun, 5 Jan 2003, Tommy McNeely wrote:
> > ...
> > is there some sort of module option to set to have ip_conntrack_ftp
> > watch another port,
>
> modinfo will list module parameters.
>
> > and whe
On Sun, 5 Jan 2003, Tommy McNeely wrote:
> I use the "stateful" packet filter with iptables.. and it has a
> module called ip_conntrack_ftp that will open the proper ports to
> allow someone to do a passive ftp connection to me.. however, if I
> run my ftp server on an alt
On Sun, 5 Jan 2003, Tommy McNeely wrote:
> ...
> is there some sort of module option to set to have ip_conntrack_ftp
> watch another port,
modinfo will list module parameters.
> and where would I put it... right now all I did was
modprobe ip_conntrack_ftp ports=21,8021
Or if
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sunday 05 January 2003 02:01 am, Tommy McNeely wrote:
> Hoping someone can resolve this one.. its annoying.
>
> I use the "stateful" packet filter with iptables.. and it has a module
> called ip_conntrack_ftp that will op
Hoping someone can resolve this one.. its annoying.
I use the "stateful" packet filter with iptables.. and it has a module
called ip_conntrack_ftp that will open the proper ports to allow someone
to do a passive ftp connection to me.. however, if I run my ftp server
on an alternat
13 matches
Mail list logo
