> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Jonathan Benson
> Sent: Wednesday, July 25, 2001 10:41 PM
> To: [EMAIL PROTECTED]
> Subject: ip_conntrack_ftp NOT working?
>
>
> Hi all
>
> I've set up a firewall using gShield
> (http://muse.linuxmafia.org/gshield.html)
> and everything works fine EXCEPT connection tracking of FTP sessions.
>
> It seems the ip_conntrack_ftp module is loaded (which I force) but it is
> not being used. The only way I can FTP from a masqueraded box is using PASV
> (passive) FTP which won't work in some situations.
>
> The script seems to have the relevant line:
> $IPTABLES -I STATEFUL -m state --state ESTABLISHED,RELATED -j ACCEPT
>
>
>
> Any ideas on what I might be doing wrong? Do I need to compile a new kernel?
>
---
Yes - update kernel - ip_conntrack_ftp has a major security flaw in the
original 2.4.2-2 standard kernel for 7.1 and needs to be replaced if you use
ip_tables (which you are).
At least - update to 2.4.3-12 kernel - official RH update if not compile
your own.
I can't verify whether you will be able to use other than passive FTP
anyway - I suppose that would depend upon your ip_tables rulesets.
Craig
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list