Re: Security setting to prevent passive ftp?

From: Matthew Saltzman (mjs_at_ces.clemson.edu)
Date: 07/24/05

    Date: Sun, 24 Jul 2005 06:36:08 -0400 (EDT)
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    On Sat, 23 Jul 2005, Jonathan August wrote:

    >
    > The modprobe ip_conntrack_ftp doesn't return anything and it seems to still
    > have an issue... Do I need to reboot or something?

    You can tell if the modprobe had the desired effect by issuing lsmod.

    >
    > Also, what do I add to /etc/sysconfig/iptables-config? There just seems to
    > be a few things in there with YES or NO settings...

    IPTABLES_MODULES="ip_conntrack_ftp"

    No need to reboot, but you could "/sbin/service iptables restart".
    Shouldn't be necessary after the modprobe, but the iptables-config entry
    only takes effect after restarting iptables.

    Are you sure all appropriate ports (20 and 21) are open (on the server and
    through the firewall)? Is ncftpd configured correctly for passive access?
    (I don't know anything about configuring ncftpd. Just trying to think of
    things to check.)

    >
    > ??
    >
    > Thanks,
    > -Jon
    >
    >
    >
    > On Jul 23, 2005, at 10:12 AM, Matthew Saltzman wrote:
    >
    >> On Sat, 23 Jul 2005, Alexander Dalloz wrote:
    >>
    >>
    >>> On Sat, 23.07.2005, at 15:38, Jonathan August wrote:
    >>>
    >>>
    >>>> For my users that use passive ftp, when they connect to ncftpd on my
    >>>> server, the connection takes a long time and eventually for them as
    >>>> dialup users, it times out. If I try to ftp to the machine behind my
    >>>> firewall and specify to use passive, as soon as I try anything that
    >>>> sends data (ls, put, get), the connection gets dropped. I turned off
    >>>> SELinux, but this didn't help. Any ideas?
    >>>>
    >>>
    >>>
    >>>> -Jon
    >>>>
    >>>
    >>> modprobe ip_conntrack_ftp
    >>>
    >>
    >> And to make it permanent, add to /etc/sysconfig/iptables-config.
    >>
    >>
    >>>
    >>> Alexander
    >>>
    >>>
    >>>
    >>>
    >>
    >> --
    >> Matthew Saltzman
    >>
    >> Clemson University Math Sciences
    >> mjs AT clemson DOT edu
    >> http://www.math.clemson.edu/~mjs
    >>
    >> --
    >> fedora-list mailing list
    >> fedora-list@redhat.com
    >> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
    >>
    >
    >
    >

    -- 
    Matthew Saltzman
    Clemson University Math Sciences
    mjs AT clemson DOT edu
    http://www.math.clemson.edu/~mjs
    -- 
    fedora-list mailing list
    fedora-list@redhat.com
    To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
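
Added example (not part of the original messages): a shell check for the two conditions discussed in this thread, whether ip_conntrack_ftp is loaded now (the data lsmod prints) and whether IPTABLES_MODULES in /etc/sysconfig/iptables-config lists it so it is reloaded when the iptables service restarts. The function names, the sample file contents and the extra ip_nat_ftp entry are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check the FTP conntrack helper's runtime and persistent state.
HELPER=ip_conntrack_ftp   # module name used in the thread

# helper_loaded FILE: true if $HELPER is the first field of a line in a
# /proc/modules-style file (the source lsmod reads).
helper_loaded() {
    awk -v m="$HELPER" '$1 == m { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# helper_persistent FILE: true if an uncommented IPTABLES_MODULES= line in an
# iptables-config-style file lists $HELPER as a whole word.
helper_persistent() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tr -d "\"'" |
        tr -s ' \t' '\n\n' | grep -qxF "$HELPER"
}

# ftp_helper_state [MODULES_FILE] [CONFIG_FILE]: prints one of
# loaded+persistent, loaded-only, config-only, missing.
ftp_helper_state() {
    mods=${1:-/proc/modules}
    conf=${2:-/etc/sysconfig/iptables-config}
    l=no; p=no
    helper_loaded "$mods" && l=yes
    [ -r "$conf" ] && helper_persistent "$conf" && p=yes
    case "$l$p" in
        yesyes) echo loaded+persistent ;;
        yesno)  echo loaded-only ;;      # works now, lost on next restart
        noyes)  echo config-only ;;      # needs modprobe or a service restart
        *)      echo missing ;;
    esac
}

# Constructed sample data (not from a real host).
demo=$(mktemp -d)
printf 'ip_conntrack_ftp 72241 0\nip_conntrack 40693 1 ip_conntrack_ftp\n' > "$demo/modules"
# ip_nat_ftp is added only to show that a multi-module list is handled.
printf 'IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp"\n' > "$demo/good"
# A name that does not match the module exactly is not counted.
printf 'IPTABLES_MODULES="iptables_conntrack_ftp"\n' > "$demo/typo"
ftp_helper_state "$demo/modules" "$demo/good"   # loaded+persistent
ftp_helper_state "$demo/modules" "$demo/typo"   # loaded-only
rm -rf "$demo"
```

On a real host, call `ftp_helper_state` with no arguments to read /proc/modules and /etc/sysconfig/iptables-config.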
    
