On 20 Dec 2022, at 17:29, ToddAndMargo via users
<users(a)lists.fedoraproject.org> wrote:
On 12/19/22 17:24, ToddAndMargo via users wrote:
> Hi All,
> # uname -r
> 6.0.12-300.fc37.x86_64
> I have tried googling this. I get tons of hits
> but nothing specific to FC37.
> Just noticed that I can not do:
> $ curl -v
ftp://ftp.adobe.com/pub/adobe/reader/win/AcrobatDC/ -o -
> * Connecting to 192.147.130.111 (192.147.130.111) port 18897
> Connection timed out
> (The above is a simplification of what I am actually
> running, but it shows the problem well,)
> FC 37 corked my iptables passive FTP rules, which worked
> perfectly under FC36
> Error message when restarting my iptables firewall:
> cat: /proc/sys/net/netfilter/nf_conntrack_helper:
> No such file or directory
> # dnf whatprovides nf_conntrack_helper
> Last metadata expiration check: 4:16:08 ago on Mon 19 Dec 2022 12:58:31 PM PST.
> Error: No matches found.
> Some other data, just in case you ask:
> # grep IPTABLES_MODULES /etc/sysconfig/iptables-config
> IPTABLES_MODULES=""
> IPTABLES_MODULES="nf_conntrack_ftp nf_conntrack_tftp nf_nat_ftp
nf_nat_tftp"
> # lsmod | grep ftp
> nf_nat_tftp 16384 0
> nf_nat_ftp 20480 0
> nf_conntrack_tftp 20480 1 nf_nat_tftp
> nf_conntrack_ftp 24576 1 nf_nat_ftp
> nf_nat 57344 5
ip6table_nat,nf_nat_ftp,nf_nat_tftp,iptable_nat,xt_MASQUERADE
> nf_conntrack 167936 8
xt_conntrack,nf_nat,nf_conntrack_tftp,nf_nat_ftp,nf_nat_tftp,xt_helper,nf_conntrack_ftp,xt_MASQUERADE
> Yours in frustration,
> -T
I looked up nftables to see if I could get any hints:
https://serverfault.com/questions/958464/how-can-i-use-nftables-with-pass...
Below are rules for allowing passive FTP that
are not working.
/proc/sys/net/netfilter/nf_conntrack_helper is set to 1
So I really , really have to have something in place for
/proc/sys/net/netfilter/nf_conntrack_helper
I found this comment "But keep in mind this is considered a security vulnerability -
that's why newer kernels changed the default value of nf_conntrack_helper to
false." on
_______________________________________________
users mailing list -- users(a)lists.fedoraproject.org
To unsubscribe send an email to users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue