OpenVZ Forum: Users » openvz and ftp connection tracking for non-default ports

Home » Mailing lists » Users » openvz and ftp connection tracking for non-default ports

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

openvz and ftp connection tracking for non-default ports [message #46496]

Thu, 24 May 2012 07:44

David Oppermann
Messages: 1
Registered: May 2012

Junior Member

Hello,

I've got a hylafax install inside an openvz container. Now I'd like to run
a firewall as well.

I load the firewall modules for ftp connection tracking on the host machine
and with the following line in the containers config file:

IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit
ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl
ipt_length ipt_state iptable_nat ip_nat_ftp ip_conntrack_ftp ipt_conntrack
ip_tables"

Now my Problem is that it works for Port 21 only and I'm unable to set the
parameters for the module.

Is there a way to set the parameters for the ftp connection tracking module
like "ports=21,4559"?
With best regards

David Oppermann
Voip Engineer // voip@sil.at // Tel 059944-2440 //
---------------------------------------------------------
SILVER SERVER GmbH - a Tele2 Company //
Donau-City-Strasse 11 // A-1220 Wien //
Fax 059944-9000 // www.sil.at //
FN 204414i // Handelsgericht Wien // UID ATU 51064903 //
---------------------------------------------------------

Report message to a moderator

Re: openvz and ftp connection tracking for non-default ports [message #46816 is a reply to message #46496]

Mon, 18 June 2012 08:32

mator
Messages: 2
Registered: February 2009
Location: moscow

Junior Member

On Thu, May 24, 2012 at 11:44 AM, David Oppermann <dop@sil.at> wrote:
> Hello,
>
> I've got a hylafax install inside an openvz container. Now I'd like to run
> a firewall as well.
>
> I load the firewall modules for ftp connection tracking on the host machine
> and with the following line in the containers config file:
>
> IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit
> ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl
> ipt_length ipt_state iptable_nat ip_nat_ftp ip_conntrack_ftp ipt_conntrack
> ip_tables"
>
> Now my Problem is that it works for Port 21 only and I'm unable to set the
> parameters for the module.
>
> Is there a way to set the parameters for the ftp connection tracking module
> like "ports=21,4559"?

modprobe ip_conntracl_ftp ports=21,2021,3021
modprobe ip_nat_ftp ports=21,2021,3021

(see "modinfo ip_conntrack_ftp")

Report message to a moderator

Previous Topic:	Re:: loop devices in CT still not allowed ?
Next Topic:	a newbie question

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Tue Nov 04 04:34:34 GMT 2025

Total time taken to generate the page: 0.12920 seconds