[Firehol-support] Errors when running firehol

Jason Miller jason at milr.com
Sun Jan 25 00:02:54 GMT 2015


On 18:06 Sat 24 Jan     , Phil Whineray wrote:
> On Sat, Jan 24, 2015 at 09:56:47AM -0800, Jason Miller wrote:
> > On 09:32 Sat 24 Jan     , Phil Whineray wrote:
> > > 
> > > This command is successful for me:
> > >   /sbin/iptables -t filter -A OUTPUT -m conntrack --ctstate \
> > >      ESTABLISHED,RELATED -m helper --helper ftp -j ACCEPT
> > > 
> > > I expect that the iptables command will fail for you with the same error
> > > as reported via firehol.
> > yup
> > > 
> > > You can then try to see if it is conntrack / ftp helper / both:
> > >   /sbin/iptables -t filter -A OUTPUT -m conntrack --ctstate \
> > >      ESTABLISHED,RELATED -j ACCEPT
> > works
> > >   /sbin/iptables -t filter -A OUTPUT -m helper --helper ftp -j ACCEPT
> > > 
> > doesn't work; nf_conntrack_ftp is definitely loaded, see below
> 
> I see nf_nat_ftp is not in your list. I don't know for sure that is the
> cause but could you try:
> 
>   modprobe nf_nat_ftp
> 
> then re-do the iptables command.
Tried that, no change.

-Jason



More information about the Firehol-support mailing list