On Thursday 22 February 2007, [EMAIL PROTECTED] wrote:
> David Baron <[EMAIL PROTECTED]> wrote:
> > Compiled it taking all the defaults on new features. It boots just fine
> > but has fatal ip_tables errors over and over missing this item. Cannot
> > connect to internet.
> >
> > Any ideas? Do I need this and why?
> >
> > Google had something about setting: modprobe ip_conntrack_ftp
> > ports=21,2121 if compiled as a module. So I set the previously unset
> > constant=m and am recompiling. Where would I specify the modprobe
> > arguments?
>
> Can't you just add the command into your iptables startup script? I mean,
> as far as I know your should should just be shell commands. I know mine has
> it in it, not exactly the same but:
>
> #!/bin/sh
> #set policy on input chain in default (filter) table to drop
> iptables -P INPUT DROP
> #flush input chain
> iptables -F INPUT
> #load the ftp connection tracker module (otherwise active mode ftp won't work)
> modprobe ip_conntrack_ftp
> #accept traffic from established and related connections
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> #allow automatic wireless connection
> iptables -A INPUT -i lo -j ACCEPT
> #accept traffic for our webserver
> iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
> #accept traffic for zsnes
> iptables -A INPUT -p tcp --dport 7845 -j ACCEPT

My iptables init.d script has NO modprobe at all. I found a modprobe for this
module in /etc/rc.firewall and /etc/rc.firewall~ which relates to guarddog. I
can append the ports= there, see what happens in 2.6.18 reboot and 2.6.20
reboot. Might need to test uname -r for 2.6.20? iptable and related stuff seems
to be touched/loaded several times during bootup, followed by guarddog itself.
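
The `uname -r` test the reply considers could look like the sketch below; it is an added example, not part of the original thread and not guarddog's code. The function names and the rule "pass ports= only from 2.6.20 on" are assumptions, and the script only prints the modprobe command it would choose.

```shell
#!/bin/sh
# Added example. The 2.6.20 threshold and the port list come from the thread;
# the function names and the "ports= only on newer kernels" rule are assumptions.
FTP_PORTS="21,2121"
MIN_KERNEL="2.6.20"

# Print the first three numeric fields of a kernel release, space separated.
# "2.6.18-4-686" -> "2 6 18"; missing or non-numeric fields become 0.
split_release() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for f in "${1:-0}" "${2:-0}" "${3:-0}"; do
        f=${f%%[!0-9]*}          # keep leading digits, drop "-4-686" etc.
        printf '%s ' "${f:-0}"
    done
}

# Return 0 when release $1 is >= release $2, comparing field by field.
kernel_at_least() {
    set -- $(split_release "$1") $(split_release "$2")
    [ "$1" -gt "$4" ] && return 0; [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0; [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

# Print the command a firewall script would run for kernel release $1
# (default: the running kernel). Printing keeps this a dry run.
ftp_helper_cmd() {
    if kernel_at_least "${1:-$(uname -r)}" "$MIN_KERNEL"; then
        echo "modprobe ip_conntrack_ftp ports=$FTP_PORTS"
    else
        echo "modprobe ip_conntrack_ftp"
    fi
}

ftp_helper_cmd   # show the choice for the running kernel
```

A plain string comparison of `uname -r` output would misorder releases such as 2.6.9 and 2.6.20, which is why the fields are compared numerically.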