IP Conntrack FTP in VE [message #37609]
Wed, 30 September 2009 15:49
ulver
Hello everybody,
I'm trying to have ftp access (in passive mode) to a VE protected by iptables.
On a physical server, I can get this working by enabling ip_conntrack & ip_conntrack_ftp, but it doesn't work in the VE.
I've already read this:
http://forum.openvz.org/index.php?t=msg&goto=13133&
But it doesn't work for me.
# uname -r
2.6.26-2-openvz-amd64
# cat /etc/debian_version
5.0.2
# grep IPTABLES /etc/vz/vz.conf
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state ip_conntrack_ftp ip_conntrack"
# cat /etc/modules
[...]
loop
ip_conntrack
ip_conntrack_ftp
# lsmod | grep connt
nf_conntrack_ftp 12728 0
nf_conntrack_ipv4 24352 16 iptable_nat,nf_nat
nf_conntrack 82688 5 nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv4,xt_state
I manage to connect to the VE by ftp, but the DIR command doesn't work (the port is blocked on the VE by the firewall: the ip conntrack ftp doesn't seem to work).
If you have any idea...
Thanks in advance
[Updated on: Wed, 30 September 2009 15:59]