RE: [Zope] iptables locks out zope ftp

6 Nov 2002


      Thanks for the hint

[root@piwebserver /]# lsmod | grep ip_conntrack_ftp
ip_conntrack_ftp        5216   0  [ip_nat_ftp]
ip_conntrack           22924   5  [ip_nat_ftp ip_conntrack_ftp ipt_state
ip_conntrack_irc iptable_nat]

Apparantly the order of doing things is very important

[root@piwebserver /]# rmmod ip_nat_ftp
[root@piwebserver /]# rmmod ip_conntrack_ftp
[root@piwebserver /]# insmod ip_conntrack_ftp ports=21,8021
Using /lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
[root@piwebserver /]# insmod ip_nat_ftp ports=21,8021
Using /lib/modules/2.4.18-3smp/kernel/net/ipv4/netfilter/ip_nat_ftp.o

Restarted ip_tables
Launched a FTP session directly into Zope at 8021 and everything works fine
...
-----Oorspronkelijk bericht-----
Van: keo [mailto:keo@goa.hu]
Verzonden: zondag 3 november 2002 19:42
Aan: Roel Van den Bergh
Onderwerp: RE: [Zope] iptables locks out zope ftp
On Wed, 23 Oct 2002, Roel Van den Bergh wrote:
...
Thanks for the quick respond :-)
Tried this first without succes
# Load Modules
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_nat_ftp ports=21,8021
/sbin/modprobe ip_conntrack_ftp ports=21,8021
/sbin/modprobe ip_conntrack_irc
Then tried the following:
[root@server sbin]# rmmod ip_nat_ftp
[root@server sbin]# insmod ip_nat_ftp ports=21,8021
worked fine
but I do not seem to be able to do the same with ip_conntrack_ftp
[root@server sbin]# rmmod ip_conntrack_ftp
ip_conntrack_ftp: Device or resource busy
seems some other module is using it. what does lsmod say?
for me lsmod says for example:
ip_conntrack           12684   5  (autoclean) [ip_conntrack_irc
ip_conntrack_ftp ip_nat_ftp ipt_MASQUERADE iptable_nat]
which means ip_conntrack is used by 5 modules (ip_conntrack_irc
ip_conntrack_ftp ip_nat_ftp ipt_MASQUERADE iptable_nat)
if lsmod | grep ip_conntrack_ftp says:
ip_conntrack_ftp        3200   0  (unused)
then its unused, and some other thing may be there.
perhaps if you have an active connection, which uses ip_conntrack_ftp it
wont let it be removed. check with lsof, for example, what is using which
file , device, or port.
(lsof=list open files)
keo
--
don't believe everything you think