[Firehol-support] Errors when running firehol

Jason Miller jason at milr.com
Tue Jan 27 18:29:22 CET 2015


Since I found the answer, and previously found 2 similar questions
through Google with no answer, I figured I'd answer it here for
posterity.

I needed the module xt_helper loaded, which is controlled by
CONFIG_NETFILTER_XT_MATCH_HELPER and is only available as an option if
you select "advanced configuration of netfilter" in the kernel
configuration.

-Jason
On 01:10 Sun 25 Jan     , Jason Miller wrote:
> On 08:22 Sun 25 Jan     , Phil Whineray wrote:
> > On Sat, Jan 24, 2015 at 04:02:54PM -0800, Jason Miller wrote:
> > > On 18:06 Sat 24 Jan     , Phil Whineray wrote:
> > > > On Sat, Jan 24, 2015 at 09:56:47AM -0800, Jason Miller wrote:
> > > > > On 09:32 Sat 24 Jan     , Phil Whineray wrote:
> > > > > >   /sbin/iptables -t filter -A OUTPUT -m helper --helper ftp -j ACCEPT
> > > > > > 
> > > > > doesn't work; nf_conntrack_ftp is definitely loaded, see below
> > > > 
> > > > I see nf_nat_ftp is not in your list. I don't know for sure that is the
> > > > cause but could you try:
> > > > 
> > > >   modprobe nf_nat_ftp
> > > > 
> > > > then re-do the iptables command.
> > > Tried that, no change.
> > 
> > The inability to run that command is definitely the problem but I'm
> > stumped, sorry.
> > 
> > My only last debugging suggestion is to try a stock kernel (do Gentoo
> > even do those) to check that it works.
> > 
> > Perhaps you can find some help to resolve the iptables problem on the
> > netfilter user mailing lists?
> >   http://www.netfilter.org/mailinglists.html
> Thanks for bearing with me this long; I'll ask there.
> > 
> > Cheers
> > Phil
> > 
> 
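
The check described in the top reply, as an added example that is not part of the original thread: a script that reads a kernel config file and reports whether the "-m helper" match (xt_helper) can be provided. The symbol names CONFIG_NETFILTER_ADVANCED and CONFIG_NF_CONNTRACK, the function names and the sample config are assumptions added here, not taken from the thread.

```shell
#!/bin/sh
# Added example: diagnose why "iptables -m helper --helper ftp" is unavailable
# by inspecting a kernel config file.

# opt_state FILE SYMBOL -> prints y, m, or n (n = absent or "is not set")
opt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# helper_match_status FILE -> prints a one-line diagnosis
helper_match_status() {
    adv=$(opt_state "$1" CONFIG_NETFILTER_ADVANCED)
    ct=$(opt_state "$1" CONFIG_NF_CONNTRACK)
    match=$(opt_state "$1" CONFIG_NETFILTER_XT_MATCH_HELPER)
    case "$match" in
        y) echo "builtin: helper match is compiled into the kernel" ;;
        m) echo "module: run 'modprobe xt_helper'" ;;
        n)
            if [ "$ct" = n ]; then
                echo "missing: enable CONFIG_NF_CONNTRACK first"
            elif [ "$adv" = n ]; then
                # The match option is not even offered until advanced
                # netfilter configuration is selected.
                echo "hidden: enable CONFIG_NETFILTER_ADVANCED, then CONFIG_NETFILTER_XT_MATCH_HELPER"
            else
                echo "missing: enable CONFIG_NETFILTER_XT_MATCH_HELPER"
            fi ;;
    esac
}

# Constructed sample config (not from the thread): the FTP conntrack helper
# is built as a module, but advanced netfilter options are switched off.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_ADVANCED is not set
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_FTP=m
EOF

# Pass a real config file as the first argument; defaults to the sample.
helper_match_status "${1:-$sample}"
```

On a running system, pass the config of the booted kernel, for example /boot/config-$(uname -r) or an uncompressed copy of /proc/config.gz where the kernel exposes it.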