openvz and ftp connection tracking for non-default ports [message #46496] Thu, 24 May 2012 07:44
David Oppermann
Hello,

I've got a hylafax install inside an openvz container. Now I'd like to run
a firewall as well.

I load the firewall modules for ftp connection tracking on the host machine
and with the following line in the container's config file:

IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit
ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl
ipt_length ipt_state iptable_nat ip_nat_ftp ip_conntrack_ftp ipt_conntrack
ip_tables"

Now my problem is that it works for Port 21 only and I'm unable to set the
parameters for the module.

Is there a way to set the parameters for the ftp connection tracking module
like "ports=21,4559"?
With best regards

David Oppermann
Voip Engineer // voip@sil.at // Tel 059944-2440 //
---------------------------------------------------------
SILVER SERVER GmbH - a Tele2 Company //
Donau-City-Strasse 11 // A-1220 Wien //
Fax 059944-9000 // www.sil.at //
FN 204414i // Handelsgericht Wien // UID ATU 51064903 //
---------------------------------------------------------
Re: openvz and ftp connection tracking for non-default ports [message #46816 is a reply to message #46496] Mon, 18 June 2012 08:32
mator
On Thu, May 24, 2012 at 11:44 AM, David Oppermann <dop@sil.at> wrote:
> Hello,
>
> I've got a hylafax install inside an openvz container.  Now I'd like to run
> a firewall as well.
>
> I load the firewall modules for ftp connection tracking on the host machine
> and with the following line in the container's config file:
>
> IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit
> ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl
> ipt_length ipt_state iptable_nat ip_nat_ftp ip_conntrack_ftp ipt_conntrack
> ip_tables"
>
> Now my problem is that it works for Port 21 only and I'm unable to set the
> parameters for the module.
>
> Is there a way to set the parameters for the ftp connection tracking module
> like "ports=21,4559"?

modprobe ip_conntrack_ftp ports=21,2021,3021
modprobe ip_nat_ftp ports=21,2021,3021

(see "modinfo ip_conntrack_ftp")
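
An added example, not part of either post: a small shell audit that compares the ports the FTP helper is configured to track against the ports a firewall setup needs, so a missing port (such as 4559 from the question) is caught before passive-mode transfers fail. It assumes the standard modprobe "options MODULE ports=..." line syntax and the /sys/module/MODULE/parameters/ports sysfs entry; the config file here is a constructed sample. Module parameters are read only when the module is loaded, so a helper that is already loaded has to be unloaded and reloaded on the host before a new ports= value takes effect.

```shell
#!/bin/sh
# Added example: audit the "ports=" setting of the FTP conntrack helper.
# Module name and the ports= parameter come from the thread; the config
# file used below is a constructed sample, not a real system file.

# configured_ports MODULE FILE
# Print the ports= value of the last "options MODULE ..." line in FILE.
configured_ports() {
    awk -v mod="$1" '
        $1 == "options" && $2 == mod {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^ports=/) { sub(/^ports=/, "", $i); p = $i }
        }
        END { print p }' "$2"
}

# missing_ports WANT HAVE
# Print the ports from comma list WANT that are absent from comma list HAVE.
# Matching is on whole list items, so 21 is not satisfied by 2021.
missing_ports() {
    out=""
    for w in $(echo "$1" | tr ',' ' '); do
        case ",$2," in
            *",$w,"*) ;;
            *) out="${out:+$out }$w" ;;
        esac
    done
    echo "$out"
}

# loaded_ports MODULE
# Print the value the running kernel uses (assumed sysfs path); prints
# nothing if the module is not loaded or the file is not readable.
loaded_ports() {
    f="/sys/module/$1/parameters/ports"
    if [ -r "$f" ]; then cat "$f"; fi
}

# Constructed sample: helper configured for 21 and 2021 only.
conf=$(mktemp)
printf '# constructed sample\noptions ip_conntrack_ftp ports=21,2021\n' > "$conf"
want="21,4559"   # ports asked for in the question
have=$(configured_ports ip_conntrack_ftp "$conf")
echo "configured: $have"
echo "missing from config: $(missing_ports "$want" "$have")"
echo "loaded in kernel: $(loaded_ports ip_conntrack_ftp)"
rm -f "$conf"
```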