Hi all
I've set up a firewall using gShield (http://muse.linuxmafia.org/gshield.html)
and everything works fine EXCEPT connection tracking of FTP sessions.
An lsmod gives:
Module                  Size  Used by
ipt_TOS                  912  17 (autoclean)
ipt_mac                  624   1 (autoclean)
ipt_unclean             6672   1 (autoclean)
ipt_state                544   2 (autoclean)
ipt_REJECT              2752   9 (autoclean)
ipt_LOG                 3216   9 (autoclean)
ipt_limit                864   2 (autoclean)
ip_conntrack_irc        2336   0 (unused)
ip_conntrack_ftp        3216   0 (unused)
iptable_nat            11888   0 (autoclean) (unused)
ip_conntrack           11824   4 (autoclean) [ipt_state ip_conntrack_irc ip_conntrack_ftp iptable_nat]
iptable_mangle          1696   0 (autoclean) (unused)
iptable_filter          1696   0 (autoclean) (unused)
ip_tables              10272  12 [ipt_TOS ipt_mac ipt_unclean ipt_state ipt_REJECT ipt_LOG ipt_limit iptable_nat iptable_mangle iptable_filter]
ne2k-pci                4096   2 (autoclean)
8390                    5632   0 (autoclean) [ne2k-pci]
It seems the ip_conntrack_ftp module is loaded (which I force) but it is not
being used. The only way I can FTP from a masqueraded box is using PASV
(passive) FTP, which won't work in some situations.
The script seems to have the relevant line:
$IPTABLES -I STATEFUL -m state --state ESTABLISHED,RELATED -j ACCEPT
Any ideas on what I might be doing wrong? Do I need to compile a new kernel?
Regards
Jon
--
Jonathan Benson
Systems Administrator
Ocean Internet
http://www.ocean.com.au/
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list