Sunday, November 20, 2005

 

CentOS (or RHEL or Fedora) and system-config-securitylevel

So, if you enable FTP in system-config-securitylevel and expect that to just work... Think again. You have to edit /etc/iptables-config. The first line of that file has a note about additional modules to load. If the machine is a NAT firewall, you need to add ip_nat_ftp. If it's just a regular endpoint, ip_conntrack_ftp will do the trick. Loading the module dynamically opens the ports needed for passive (PASV) FTP connections.
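One way to make that edit repeatable, as an added example that is not from the original post: the shell function below appends a helper module to the `IPTABLES_MODULES` line only when it is missing. It assumes the stock RHEL-family layout, where the file lives at `/etc/sysconfig/iptables-config`; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the current value of IPTABLES_MODULES (without quotes); empty if unset.
current_ipt_modules() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# ensure_ipt_module FILE MODULE: add MODULE to the list unless already present.
ensure_ipt_module() {
    file=$1; module=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    case "$module" in            # accept only plain kernel-module names
        ''|*[!A-Za-z0-9_]*) echo "bad module name: $module" >&2; return 2 ;;
    esac
    mods=$(current_ipt_modules "$file")
    case " $mods " in            # whole-word match against the existing list
        *" $module "*) return 0 ;;
    esac
    new=$(echo "$mods $module" | sed 's/^ *//')
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if grep -q '^[[:space:]]*IPTABLES_MODULES=' "$file"; then
        sed "s/^[[:space:]]*IPTABLES_MODULES=.*/IPTABLES_MODULES=\"$new\"/" "$file" > "$tmp"
    else
        { cat "$file"; printf 'IPTABLES_MODULES="%s"\n' "$new"; } > "$tmp"
    fi
    cat "$tmp" > "$file"         # rewrite in place: keeps owner and mode
    rm -f "$tmp"
}

# Demo on a constructed sample file, so nothing under /etc is touched.
demo() {
    sample=$(mktemp) || return 1
    printf '%s\n' '# Load additional iptables modules (nat helpers)' \
        'IPTABLES_MODULES=""' 'IPTABLES_SAVE_ON_STOP="no"' > "$sample"
    ensure_ipt_module "$sample" ip_conntrack_ftp   # regular endpoint
    ensure_ipt_module "$sample" ip_conntrack_ftp   # second run changes nothing
    current_ipt_modules "$sample"
    rm -f "$sample"
}
demo
```

On a real host, run `ensure_ipt_module` as root against the config file, then restart the iptables service so the init script loads the module.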

This public service announcement has been brought to you by things that should just work but don't.
