
Re: [suse-security] SuSEfirewall2 FTP problems since update to 10.0 [SOLVED]



On Wed, 2006-11-01 at 23:14 +0100, Leen de Braal wrote:
> > Hello All!
> >
> > I have a box that is acting as a masquerading firewall between a lan and
> > the great WWW.  I used to have a rule for a subnet of machines that were
> > only allowed to FTP due to web abuse issues.  This was in SuSEfirewall2
> > in 9.1.  I have just upgraded to 10.0 and now Active FTP is broken.  The
> > relative lines were:
> >
> > 192.168.20.224/28,0/0,tcp,20 192.168.20.224/28,0/0,udp,20
> > 192.168.20.224/28,0/0,tcp,21 192.168.20.224/28,0/0,udp,21
> >
> > in FW_MASQ_NETS.  It worked great.  Now my FTP clients stop dead in
> > their tracks at the PORT command.
> >
> >
> 
> Try the last block (nr 32.) in SFW:
> 
> FW_LOAD_MODULES="ip_nat_ftp"


That fixed it.  After a little research, I see these kernel modules are
directly applicable to netfilter / iptables.  Is there somewhere that
they are well documented?  I searched http://www.netfilter.org/ for a
while and couldn't find any clear detail on ip_nat_ftp and
ip_conntrack_ftp or if there are even any other modules that might be
useful.


Thanks!

Mike
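
The following is an added example, not part of the original thread and not kernel code: a simplified Python model of why active FTP stalls at PORT behind masquerading and what an FTP NAT helper such as ip_nat_ftp changes. The function names, the public address 203.0.113.10 and the sample PORT line are constructed for illustration.

```python
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (four IP octets, port high and low byte)
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")


def parse_port(line):
    """Return the (ip, port) a client advertises in a PORT command, or None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def build_port(ip, port):
    """Serialize (ip, port) back into a PORT command line."""
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)


def masquerade(line, src_ip, public_ip, nat_port, helper_loaded):
    """Model a masquerading gateway handling one FTP control-channel line.

    Returns (line_sent_to_server, expectation). The expectation describes the
    inbound data connection the gateway will accept and where it forwards it;
    None means the server's connection back has nowhere to go.
    """
    adv = parse_port(line)
    if adv is None or not helper_loaded:
        # Plain NAT rewrites only the IP/TCP headers. The private address
        # inside the payload reaches the server unchanged and unroutable.
        return line, None
    if adv[0] != src_ip:
        # Client advertises an address that is not its own: open no hole for it.
        return line, None
    rewritten = build_port(public_ip, nat_port)
    return rewritten, {"accept": (public_ip, nat_port), "forward_to": adv}


if __name__ == "__main__":
    # Constructed sample: a client in 192.168.20.224/28 offering port 50000.
    sample = "PORT 192,168,20,225,195,80\r\n"
    for loaded in (False, True):
        print(loaded, masquerade(sample, "192.168.20.225", "203.0.113.10", 50000, loaded))
```
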

