Help! How do I load ip_conntrack_ftp?

Posted: 2008/10/22 18:08:27
by ToddAndMargo
Hi All,

1) I am sitting on a CentOS 5.2 machine (customer is 4.6). Locate give me:

# locate ip_conntrack_ftp

Is this the official "ip_conntrack_ftp" module? And, should I see the same thing on
my customer's 4.6 machine?

2) how do I load the ip_conntrack_ftp module into Cent OS 4.6? Is this
the correct command?

modprobe ip_conntrack_ftp (Do I need to add any path to this command?)

3) do I have to load modprobe ip_conntrack_ftp every time I reboot and should I need to stick
whatever instruction you give me into my rc.local?

4) is there a sequence where ip_conntrack_ftp should be loaded before or after iptables starts?

Many thanks,

Re: Help! How do I load ip_conntrack_ftp?

Posted: 2008/10/25 03:14:22
by ToddAndMargo
To answer my own question and to help other:

Edit /etc/sysconfig/iptables-config and add the module to IPTABLES_MODULES.
The delimiter is a space. For example:

IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp"

Restart iptables with:
/etc/rc.d/init.d/iptables restart

Get ready to reboot as well. If the modules are not there, iptables will crash.
best do a
locate ip_nat_ftp
locate ip_conntrack_ftp
before attempting this.

Really easy. And it worked flawlessly at my customer's site. Her depreciated
ftp active mode code flowed in and out of NAT with the greatest of ease.

Hope this helps someone else,