OpenVZ Forum


Home » General » Support » IP Conntrack FTP in VE (Debian Lenny)
Re: IP Conntrack FTP in VE [message #39136 is a reply to message #39131] Thu, 18 March 2010 08:19 Go to previous messageGo to previous message
curx
Messages: 739
Registered: February 2006
Location: Nürnberg, Germany
Senior Member
found your post on:

http://www.linux-forum.de/iptables-und-ftp-und-logprobleme-b er-openvz-auf-hn-deb-lenny-34622.html

> IPTABLES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_LOG ipt_conntrack ipt_helper ipt_state iptable_nat ip_nat_ftp ip_nat_irc ipt_TOS ipt_REDIRECT xt_mac ipt_owner"

esp. ipt_state is an alias, too

# modinfo xt_state
filename: /lib/modules/2.6.26-2-openvz-amd64/kernel/net/netfilter/xt_s tate.ko
alias: ip6t_state
alias: ipt_state
(...)

but a xt_state is not show in you ct config, but used (ip_targets_match : state) Wink

loaded kmod module in ct0 (=hardwarenode) can be used in ct without configuration.

for debuging:

- load ipt ruleset in ct
- make a connection to your ct via ftp:
- track entries on ct0 and ct in the /proc/net/ip_conntrack

Bye,
Thorsten

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: sniffing with tcpdump
Next Topic: ip_conntrack_ftp Not Working in Container
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Sat Nov 08 19:17:55 GMT 2025

Total time taken to generate the page: 0.09589 seconds
Powered by FUDforum Powered by Virtuozzo Containers