Re: Firewall config and ftp server

From: Rick Stevens <ricks@xxxxxxxx>
Date: Wed, 10 Mar 2010 09:37:31 -0800

On 03/09/2010 07:47 PM, NoSpaze wrote:

Am Dienstag, den 09.03.2010, 23:09 +0800 schrieb Edward. S. P. Leong:

NoSpaze wrote:

# modprobe ip_tables
FATAL: Module ip_tables not found.

Again: this module does not exist! Maybe ip_nat or nf_nat?

To clarify, several kernels ago the IPV4 iptables was defaulted to being
built into the kernel so it doesn't need a modprobe or insmod. Ditto
with the IPV4 conntrack (snippet of the default kernel config file):

CONFIG_NF_DEFRAG_IPV4=y <<<---- Built into kernel
CONFIG_NF_CONNTRACK_IPV4=y <<<---- Built into kernel
# CONFIG_NF_CONNTRACK_PROC_COMPAT is not set
CONFIG_IP_NF_QUEUE=m <<<---- Module
CONFIG_IP_NF_IPTABLES=y <<<---- Built into kernel

So remove those items from your /etc/modprobe.conf file. It is also not
necessary to modprobe things like the NAT module and such...if
there are rules in your iptables config that require them, they'll
be drug in by iptables itself. The "modprobe"able modules can be
found by doing a

ls /lib/modules/`uname -r`/kernel/net/ipv4/netfilter

Note that the IPV6 versions of those modules ARE built as modules and
will need to be either modprobed or drug in as part of the iptables
rulesets.

Keep in mind that the /etc/modprobe.conf file has been deprecated in
favor of the /etc/modprobe.d/local.conf file.

# modprobe ip_nat_ftp
# modprobe ip_conntrack
FATAL: Module ip_conntrack not found.
# modprobe ip_conntrack_ftp
You do not show the output of this three commands, this is mine.
Matches your setup?

Dear You,
Mine in here :
[]# modprobe ip_tables
WARNING: Deprecated config file /etc/modprobe.conf, all config files
belong into /etc/modprobe.d/.
FATAL: Module ip_tables not found.
[]# modprobe ip_nat_ftp
WARNING: Deprecated config file /etc/modprobe.conf, all config files
belong into /etc/modprobe.d/.
[]# modprobe ip_conntrack
WARNING: Deprecated config file /etc/modprobe.conf, all config files
belong into /etc/modprobe.d/.
FATAL: Module ip_conntrack not found.

(same as mine)

[]# modprobe ip_conntrack_ftp
WARNING: Deprecated config file /etc/modprobe.conf, all config files
belong into /etc/modprobe.d/.

Ok. maybe some names are messed up on your modules.conf, maybe you have
names like nf_nat_ftp and nf_conntrack_ftp. Check this commands outputs:

# ls -l /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/

# modinfo nf_nat_ftp nf_conntrack_ftp

filename: /lib/modules/2.6.32.9-67.fc12.i686/kernel/net/ipv4/netfilter/nf_nat_ftp.ko
alias: ip_nat_ftp
description: ftp NAT helper
author: Rusty Russell<rusty@xxxxxxxxxxxxxxx>
license: GPL
srcversion: F92EE3A32D64466A49CF33B
depends: nf_nat,nf_conntrack_ftp
vermagic: 2.6.32.9-67.fc12.i686 SMP mod_unload 686

filename: /lib/modules/2.6.32.9-67.fc12.i686/kernel/net/netfilter/nf_conntrack_ftp.ko
alias: nfct-helper-ftp
alias: ip_conntrack_ftp
description: ftp connection tracking helper
author: Rusty Russell<rusty@xxxxxxxxxxxxxxx>
license: GPL
srcversion: BCE75C1712FB8C7DF825917
depends:
vermagic: 2.6.32.9-67.fc12.i686 SMP mod_unload 686
parm: ports:array of ushort
parm: loose:bool

# cat /proc/modules |grep nf

nf_nat_ftp 2452 0 - Live 0xf7dad000
nf_nat 15785 1 nf_nat_ftp, Live 0xf8881000
nf_conntrack_ftp 9435 1 nf_nat_ftp, Live 0xf8857000
nf_conntrack_ipv6 14859 2 - Live 0xf9ee2000
ipv6 223738 22 ip6t_REJECT,nf_conntrack_ipv6, Live 0xf9e76000

So, is there any solution for me ?

Good: read, fix. Bad: update/reinstall. Ugly: pay. Greets.
----------------------------------------------
Rodolfo Alcazar Portillo - nospaze@xxxxxxxxx
otbits.blogspot.com / counter.li.org: #367962
----------------------------------------------
An ASCII character walks into a bar and orders a double. "Having a
bad day?" asks the barman. "Yeah, I have a parity error," replies the
ASCII character. The barman says, "Yeah, I thought you looked a bit
off."
-- Skud

--
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks@xxxxxxxx -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- "Hello. My PID is Inigo Montoya. You `kill -9'-ed my parent -
- process. Prepare to vi." -
----------------------------------------------------------------------
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Follow-Ups:
- Re: Firewall config and ftp server
  - From: Edward. S. P. Leong

References:
- Firewall config and ftp server
  - From: Edward. S. P. Leong
- Re: Firewall config and ftp server
  - From: NoSpaze
- Re: Firewall config and ftp server
  - From: Edward. S. P. Leong
- Re: Firewall config and ftp server
  - From: NoSpaze

Prev by Date: Re: Fedora 12 installing
Next by Date: Re: fc12 create initramfs contaning twofish kernel module
Previous by thread: Re: Firewall config and ftp server
Next by thread: Re: Firewall config and ftp server
Index(es):
- Date
- Thread

Relevant Pages

iptables config problem in Fedora 11
... modprobe ip_nat_ftp ... Deprecated config file /etc/modprobe.conf, ... belong into /etc/modprobe.d/. ...
(Fedora)
Re: how to load a module
... Deprecated config file /etc/modprobe.conf, ... # modprobe easycap ... after the module is in the kernel tree, and a depmod has been done. ... Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines ...
(Fedora)
Re: Novatel MC950D 3G-device in fedora 11
... modprobe -r usbserial reports ... Deprecated config file /etc/modprobe.conf, ... And, on the creation of modem connection, no modem will ... install usb_modeswitch with yum and follow this howto: ...
(Fedora)
Re: iptables config problem in Fedora 11
... modprobe ip_nat_ftp ... Deprecated config file /etc/modprobe.conf, ... belong into /etc/modprobe.d/. ...
(Fedora)
Re: iptables config problem in Fedora 11
... modprobe ip_nat_ftp ... Deprecated config file /etc/modprobe.conf, ... belong into /etc/modprobe.d/. ...
(Fedora)