4 Replies Latest reply: Feb 9, 2013 11:41 PM by Dude!

Adding multiple IPTABLES_MODULES

975148 Newbie
I have a RHEL 5.8 server and I am trying to implement a writable FTP server. I need to add the following module as below,

IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"

But there is already a module like this,

IPTABLES_MODULES="ip_conntrack_netbios_ns"

My query is how to add 2 IPTABLES_MODULES.

I hope, my question is clear.

Please revert with the reply to my query.

Regards
  • 1. Re: Adding multiple IPTABLES_MODULES
    Dude! Guru
    I have a RHEL 5.8 server and I am trying to implement a writable FTP server.
    You can change /etc/sysconfig/iptables-config

    IPTABLES_MODULES="ip_conntrack_netbios_ns"
    to
    IPTABLES_MODULES="ip_conntrack_netbios_ns ip_nat_ftp ip_conntrack_ftp"

    # modprobe ip_conntrack_ftp
    # modprobe ip_nat_ftp
    # lsmod | grep ftp

    Then restart the firewall and check /var/log/messages

    # service iptables restart
    # tail /var/log/messages

    But what are you trying to fix? As far as I know, the kernel modules address matters of passive FTP in case your client is behind a NAT interface. FTP is a two-way connection. The server requests the IP of the client to connect back to the client for data transfer. In passive FTP mode the client initiates both connections to the server. As far as I know, this affects your ability to connect to the FTP server, but not write access to the FTP server as such.
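
The edit to /etc/sysconfig/iptables-config described in reply 1, as an added example that is not part of the original thread: a shell function that appends modules to an existing IPTABLES_MODULES line without dropping the ones already listed. The function name `merge_iptables_modules` and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. merge_iptables_modules is a hypothetical
# helper: it merges extra modules into the IPTABLES_MODULES="..." line of a
# shell-style config file and keeps whatever is already listed there.

merge_iptables_modules() {
    conf=$1; shift
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Current value: last active IPTABLES_MODULES= line, quotes stripped.
    current=$(sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$conf" \
              | tail -n 1 | tr -d "\"'")

    # Refuse anything that is not a plain module name before it reaches sed.
    for mod in $current "$@"; do
        case $mod in
            ''|*[!A-Za-z0-9_-]*) echo "bad module name: $mod" >&2; return 1 ;;
        esac
    done

    # Append each requested module unless it is already present.
    merged=$current
    for mod in "$@"; do
        case " $merged " in
            *" $mod "*) ;;
            *) merged="${merged:+$merged }$mod" ;;
        esac
    done

    tmp=$(mktemp) || return 1
    if grep -q '^[[:space:]]*IPTABLES_MODULES=' "$conf"; then
        sed "s|^[[:space:]]*IPTABLES_MODULES=.*|IPTABLES_MODULES=\"$merged\"|" \
            "$conf" > "$tmp"
    else
        cat "$conf" > "$tmp"
        printf 'IPTABLES_MODULES="%s"\n' "$merged" >> "$tmp"
    fi
    # Overwrite in place so owner, mode and SELinux context stay unchanged.
    cat "$tmp" > "$conf" && rm -f "$tmp"
    printf '%s\n' "$merged"
}

# Demo on a constructed copy, not the live /etc/sysconfig/iptables-config.
demo=$(mktemp)
printf 'IPTABLES_MODULES="ip_conntrack_netbios_ns"\n' > "$demo"
merge_iptables_modules "$demo" ip_nat_ftp ip_conntrack_ftp
rm -f "$demo"
```

Running it a second time with the same module names leaves the line unchanged, so it is safe to call from a provisioning script before `service iptables restart`.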
  • 2. Re: Adding multiple IPTABLES_MODULES
    975148 Newbie
    Thanks
  • 3. Re: Adding multiple IPTABLES_MODULES
    alvaromiranda Explorer
    Hi there.

    Take into consideration that FTP uses 2 ports: 20 and 21.

    So be sure to allow both in your rules.

    Alvaro.
  • 4. Re: Adding multiple IPTABLES_MODULES
    Dude! Guru
    Not necessarily. If the FTP server is behind NAT or Firewall, since the OP asked about relevant modules, then it is often configured to use a passive port. The problem with NAT is that the FTP server may not be able to connect back to the private IP reported by the FTP client, which is typical for external access, hence the connection will fail.
