On 6/16/05, Charles Curley <[EMAIL PROTECTED]> wrote:
> If I use system-config-securitylevel to set up a minimum firewall,
> allowing only SSH, FTP and DNS, DNS works fine. ncftp simply falls
> back to port instead of passive mode, and continues to work. Yum fails
> as follows:

Charles, I have your solution.

> -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Good, you're filtering on the RELATED state. Just modprobe
ip_conntrack_ftp as root and you should be in ship shape. That kernel
module will notice when an FTP PORT request is received and realize
that the new data port is *related* to your FTP connection -- thus
ACCEPT.

This will only work for FTP sessions initiated from this server. If
you're NATing other hosts behind this, then you'll need to look into
the ip_nat_ftp.ko module.

-Bryan

.===================================.
| This has been a P.L.U.G. mailing. |
|      Don't Fear the Penguin.      |
|  IRC: #utah at irc.freenode.net   |
`==================================='
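
The reply above describes the FTP helper recognising a PORT command and treating the announced data port as RELATED. A simplified model of that bookkeeping, as an added example (not code from this thread or from the kernel); the function names, the address-match check and the 192.0.2.x addresses are constructed for illustration:

```python
import re
from typing import NamedTuple, Optional, Set


class Expectation(NamedTuple):
    """A data connection the firewall should treat as RELATED."""
    dst_ip: str    # host that will receive the data connection
    dst_port: int  # port announced in the PORT command


# RFC 959: "PORT h1,h2,h3,h4,p1,p2" -> address h1.h2.h3.h4, port p1*256 + p2
PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r?\n?$")


def parse_port(line: str, ctrl_src_ip: str) -> Optional[Expectation]:
    """Turn one control-channel line into an expectation, or None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    # Assumption of this model: ignore a PORT command that names a host
    # other than the one that sent it, so a session cannot open a hole
    # towards a third machine.
    if ip != ctrl_src_ip:
        return None
    return Expectation(ip, port)


def classify(expectations: Set[Expectation], dst_ip: str, dst_port: int) -> str:
    """State assigned to a new inbound connection attempt."""
    exp = Expectation(dst_ip, dst_port)
    if exp in expectations:
        expectations.discard(exp)  # an expectation is used once
        return "RELATED"           # matches --state RELATED,ESTABLISHED
    return "NEW"                   # falls through to the remaining rules


def demo() -> list:
    """Constructed session: the local client 192.0.2.10 announces port 50000."""
    table: Set[Expectation] = set()
    exp = parse_port("PORT 192,0,2,10,195,80\r\n", "192.0.2.10")
    if exp:
        table.add(exp)
    return [classify(table, "192.0.2.10", 50000),   # the server's data connection
            classify(table, "192.0.2.10", 50000),   # a second attempt on the same port
            classify(table, "192.0.2.10", 6000)]    # a port that was never announced
```

Without the helper loaded nothing creates the expectation, so the first connection in `demo()` would also be NEW and would be dropped by a ruleset that only accepts SSH, FTP and DNS.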
