kreon28 | Posted: Wed May 23, 2007 4:15 pm | Post subject: Module ip_conntrack_ftp

After a lot of googling and looking inside my kernel 2.6.20-r6, I'm giving up.
I've got Guarddog, which makes my iptables rules.
The problem is that every time I change a rule, Guarddog warns me that it cannot find the module ip_conntrack_ftp.
As I said, I have looked inside my kernel config and I think I can't find such a module to compile.
Maybe you could help me with that?

erik258 | Posted: Wed May 23, 2007 4:38 pm

Sure, here's where to find it.
Networking ---> Networking options ---> [ * ] Network packet filtering framework (Netfilter) ---> Core Netfilter Configuration ---> < M > FTP protocol support (NEW)
But the name isn't the same; now the config symbol is NF_CONNTRACK_FTP. You'll probably have to rebuild guarddog against your new kernel.
If you need help getting iptables working so you can emerge, just let us know.
_________________
Configuring a Firewall? Try my iptables configuration
LinuxCommando.com is my blog for linux-related scraps and tidbits. Stop by for a visit!

kreon28 | Posted: Sat May 26, 2007 2:11 pm

Thanks for your answer. Well, I found out that I had built that option into the kernel, and when I built it as a module, guarddog didn't show that error any more.
But another problem appears. When I disconnect (I'm using ppp) and then connect after a while, the firewall blocks my whole connection. I have to run Guarddog and click OK (no changes of course), then I have to disconnect and connect again.

erik258 | Posted: Sat May 26, 2007 3:11 pm

I wonder if the firewall would work better with handwritten rules? In other words, is the problem in iptables or GuardDog?

kreon28 | Posted: Sat May 26, 2007 4:07 pm

erik258 wrote:
> I wonder if the firewall would work better with handwritten rules? In other words, is the problem in iptables or GuardDog?

Guarddog doesn't write any errors - so I think it works fine.

erik258 | Posted: Sat May 26, 2007 9:26 pm

Quote:
> But other problem appears. When I disconnect (I'm using ppp) and then connect after a while firewall blocks my whole connection. I have to run Guarddog and click ok (no changes of course) then I have to disconnect and connect again

I'm sorry, I was unclear. It seems that there needs to be an adjustment when your ppp interface comes up that needs to be made to open up the firewall and whatnot. I'm not sure about how guardDog handles this kind of stuff, but one place you could potentially solve this problem is in a short postup() script in /etc/conf.d/net for your ppp interface. That way, when it comes up, you can either restart guarddog or adjust the rules.

kreon28 | Posted: Tue May 29, 2007 9:12 am

erik258 wrote:
> Quote:
> > But other problem appears. When I disconnect (I'm using ppp) and then connect after a while firewall blocks my whole connection. I have to run Guarddog and click ok (no changes of course) then I have to disconnect and connect again
>
> I'm sorry, I was unclear. It seems that there needs to be an adjustment when your ppp interface comes up that needs to be made to open up the firewall and whatnot. I'm not sure about how guardDog handles this kind of stuff, but one place you could potentially solve this problem is in a short postup() script in /etc/conf.d/net for your ppp interface. That way, when it comes up, you can either restart guarddog or adjust the rules.

Hmm... but that problem appeared after changing some rules in Guarddog. Earlier I didn't have such a problem.
Anyway, you mentioned a script. Could you help me some more and tell me what I should write in such a script?

erik258 | Posted: Wed May 30, 2007 12:40 am

Firstly, if I knew guarddog changes broke it I would have suggested to try to fix it with them as well.
Secondly, the script would contain a line to execute iptables in a manner to change whichever table rule is dropping those packets you want to get through. To find out which that is, try using

```
watch 'iptables -L -v; iptables -t nat -L -v;'
```

to see where they're being dropped.
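
The counter-watching approach from the last reply can also be done by comparing two saved listings instead of watching the screen. The following is an added example, not part of the thread: it assumes each snapshot was taken with `-n -x` (numeric output, exact counters) added to the thread's `iptables -L -v`, and the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): diff two `iptables -L -v -n -x` snapshots
# and report DROP/REJECT rules and chain policies whose packet counters grew.
# Assumes the ruleset itself is unchanged between the two snapshots.

# drop_deltas BEFORE AFTER -> lines of "<chain> <rule#|policy> <target> +<pkts>"
drop_deltas() {
    awk '
        function record(key, pkts) {
            if (FILENAME == ARGV[1]) before[key] = pkts + 0
            else if (key ~ / (DROP|REJECT)$/ && pkts + 0 > before[key] + 0)
                printf "%s +%d\n", key, pkts - before[key]
        }
        # Chain header, e.g. "Chain INPUT (policy DROP 4 packets, 240 bytes)"
        $1 == "Chain" {
            chain = $2; n = 0
            if ($3 == "(policy") record(chain " policy " $4, $5)
            next
        }
        # Rule line: field 1 is the exact packet count, field 3 the target
        $1 ~ /^[0-9]+$/ { n++; record(chain " " n " " $3, $1) }
    ' "$1" "$2"
}

# Constructed sample listing (byte counts zeroed for brevity).
# $1 = INPUT policy pkts, $2 = INPUT rule 2 pkts, $3 = OUTPUT rule 1 pkts.
sample() {
    cat <<EOF
Chain INPUT (policy DROP $1 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120    10080 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
      $2        0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0            state INVALID
Chain OUTPUT (policy ACCEPT 300 packets, 25000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      $3        0 DROP       all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    sample 4 7 2   > "$tmp/before"   # snapshot before reconnecting
    sample 9 31 20 > "$tmp/after"    # snapshot after traffic was blocked
    drop_deltas "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}

demo
```

On a live system the two input files would come from redirecting the listing to a file before and after the ppp reconnect, once per table (`filter` and `nat`).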