On Fri, 15 Apr 2005, Brian Kelsay wrote:
ip_conntrack_ftp is a kernel module, but I'm not sure if it is on my firewall or not. A person could just check "lsmod" to see if it is loaded or "modprobe ip_conntrack_ftp" to initiate. Where in the kernel options is the support for this module? Under networking perhaps?
It's pretty buried in 2.6 -
-> Device Drivers -> Networking support -> Networking support (NET [=y]) -> Networking options -> Network packet filtering (replaces ipchains) (NETFILTER -> IP: Netfilter Configuration
My understanding of the ip_conntrack_ftp module is that it allows ftp connections from masqueraded IPs. In fact, I know that it does this, I don't know what else it might do. It is not necessary if you're ftp-ing with a real internet IP address.
Regards
-Don