Bug 145242 - Make "ftp" option enable ip_conntrack_ftp so passive ftp works
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-securitylevel
Version: 3
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Chris Lumens
Duplicates: 150142
Blocks: FC5Target
Reported: 2005-01-15 21:11 UTC by Kyrre Ness Sjøbæk
Modified: 2007-11-30 22:10 UTC
Doc Type: Bug Fix
Last Closed: 2005-12-02 16:29:23 UTC

Description Kyrre Ness Sjøbæk 2005-01-15 21:11:58 UTC
Description of problem:
When I check the "ftp" box in s-c-s, only active ftp works - and few
clients use this by default. Result? Ftp appears to not work.

Reason is that in passive FTP, the server asks the client to connect
to a (random) high port when connection has been established. So
solution is to either enable this module, or open all (or at least a
range, and then specify that range in your ftpd config file) high ports.

Version-Release number of selected component (if applicable):


How reproducible:
Every time

Steps to Reproduce:
1.
2.
3.
  
Actual results:
Ftp seems to be "dead"

Expected results:
Ftp should work when checking the ftp box.

Additional info:

This was discussed on fedora-devel-list.

I would also guess that many just disable the firewall altogether.
Especially when behind a NAT HW router.
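
Added example (not part of the original report, and not code from system-config-securitylevel or the kernel module): a Python sketch contrasting the two options the description names, a static rule that opens the high ports versus tracking the FTP control channel so that only the announced data port is let through. The function names, policy labels and sample replies are constructed for illustration, and the strict address match is an assumption of this sketch.

```python
import re

# RFC 959:  227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# RFC 2428: 229 Entering Extended Passive Mode (|||port|)
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")

# Constructed control-channel replies (documentation addresses, not real traffic).
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",   # port 195*256 + 80
    "229 Entering Extended Passive Mode (|||50001|)",
    "227 Entering Passive Mode (198,51,100,7,0,22)",   # names a different host
]


def expected_data_endpoint(reply, server_ip):
    """Return the (ip, port) the client will connect to, or None to refuse.

    server_ip is the server side of the tracked control connection. Assumption
    of this sketch: a reply naming any other host is refused, so tracking never
    opens a path to a third machine.
    """
    line = reply.strip()
    m = PASV_RE.match(line)
    if m:
        octets = [int(x) for x in m.groups()]
        ip = ".".join(str(o) for o in octets[:4])
        port = octets[4] * 256 + octets[5]
        if max(octets) > 255 or ip != server_ip or port == 0:
            return None
        return (ip, port)
    m = EPSV_RE.match(line)
    if m:
        # EPSV carries no address: the data connection goes to the same server.
        port = int(m.group(2))
        return (server_ip, port) if 0 < port <= 65535 else None
    return None


def reachable_ports(policy, control_replies, server_ip):
    """Inbound TCP ports on the server that the firewall would let through."""
    if policy == "open-high-ports":
        # Static rule for 1024-65535: always open, to any source.
        return set(range(1024, 65536))
    # "track-control-channel": only ports the server announced to a client.
    endpoints = (expected_data_endpoint(r, server_ip) for r in control_replies)
    return {ep[1] for ep in endpoints if ep is not None}
```

With the sample replies, tracking admits two data ports while the static rule exposes 64512, which is the least-privilege argument for loading the helper instead of opening a range.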

Comment 1 Chris Lumens 2005-03-02 21:20:25 UTC
*** Bug 150142 has been marked as a duplicate of this bug. ***

Comment 2 Patrick C. F. Ernzer 2005-03-21 12:52:13 UTC
Bug 151646 has the same request for RHEL 3

Comment 3 Leonid Kanter 2005-07-06 13:58:05 UTC
This bug is present in RHEL4

Comment 4 Chris Lumens 2005-07-06 21:21:07 UTC
We are looking at adding this feature to a new version of s-c-securitylevel for
FC5.  If you require it for a RHEL4 update as well, it will need to come through
Feature Tracker as this is going to be a little invasive.

Comment 5 Chris Lumens 2005-11-01 15:54:47 UTC
Please try tomorrow's system-config-securitylevel package and let me know how it
works.  You should check the FTP box in the UI which will automatically enable
ip_conntrack_ftp and cause iptables to restart.

Comment 6 Kyrre Ness Sjøbæk 2005-11-20 19:48:29 UTC
Is this fixed on FC4 as well? I don't have any FC3 boxen available.

Comment 7 Chris Lumens 2005-11-21 17:02:57 UTC
This is fixed in the development packages in Rawhide.

