[nSLUG] iptables and ftp
nslug at kernelpanic.ca
Mon Apr 14 09:41:43 ADT 2008
On Mon, Apr 14, 2008 at 03:38:43AM -0300, Mike Spencer wrote:
> So what am I missing about RELATED? The manpage explicitly mentions ftp
> as a reason for using RELATED.
Do you have the nf_conntrack_ftp or ip_conntrack_ftp (nf/ip depends on
kernel version) modules loaded?
If you use nat you probably need the nf_nat_ftp or ip_nat_ftp modules.
> (This failure only occurs with command line ftp sessions, not with
> ftp://host.dom/path URLs in my browser. I don't understand that,
The browser probably defaults to passive mode ftp. You can enable this
in your command line ftp client with the "passiv" command. Passive mode
is generally a good idea as it works through firewalls.
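
An added example, not part of the original message: a Python sketch of the control-channel parsing an FTP connection-tracking helper must do before a data connection can match RELATED. It covers only the IPv4 `PORT` command and `227` reply; the function names and sample addresses are constructed for illustration.

```python
import re

# PORT h1,h2,h3,h4,p1,p2  (client -> server, active mode, RFC 959)
PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r?$", re.I)
# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)  (server -> client)
PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")

def _endpoint(csv):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    nums = [int(n) for n in csv.split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range: " + csv)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def expected_data_connection(line, client_ip, server_ip):
    """Return the data connection a control-channel line announces, or None.

    Result: (mode, initiator_ip, dest_ip, dest_port).
    """
    m = PORT_RE.match(line)
    if m:
        ip, port = _endpoint(m.group(1))
        # Active: the server connects back to the address the client announced,
        # so the client's firewall sees a new inbound connection.
        return ("active", server_ip, ip, port)
    m = PASV_RE.match(line)
    if m:
        ip, port = _endpoint(m.group(1))
        # Passive: the client opens a second outbound connection to the server.
        return ("passive", client_ip, ip, port)
    return None

# Constructed sample control-channel lines (documentation address ranges).
SAMPLE = [
    "USER anonymous",
    "PORT 192,0,2,10,195,80",
    "227 Entering Passive Mode (198,51,100,5,19,137)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->",
              expected_data_connection(line, "192.0.2.10", "198.51.100.5"))
```

Without the helper module loaded, nothing records the announced endpoint, so the inbound active-mode connection is just an unrelated new connection to the firewall.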