problem with passive-ftp when both the irc and the ftp modules are loaded.

[Martin Josefsson]

Hi

As the subject say, I'm seeing some problems here.

I load the ftp modules (ip_conntrack_ftp, ip_nat_ftp) to be able to
control my firewall a little better. And evreything works fine, both
active and passive ftp works fine (this is not from a machine thats routed
or NAT'ed through the problem box, it's directly on the box)

then I want support for irc DCC so I load ip_conntrack_irc and ip_nat_irc
now DCC works too and I'm happy, until I try to run 'apt-get update' which
uses passive ftp. And it doesn't work, it gets stuck.
So I do some testing with ncftp, setting it to passive ftp, and discover
that it starts to work when I remove the ip_nat_irc module
(I've already disabled my firewall, so there's no configuration error
there)

from the beginning I had:

ip_conntrack_ftp
ip_nat_ftp
ip_conntrack_irc
ip_nat_irc

loaded, then I started to look for errors.

I removed ip_nat_irc and ip_conntrack_irc and passive ftp works again
then I insert ip_conntrack_irc and it still works, then I insert
ip_nat_irc and it stops.

then I remove ip_conntrack_irc, I have these modules loaded now:

ip_conntrack_ftp
ip_nat_ftp
ip_nat_irc

and passive ftp doesn't work.

Now I remove all these modules, then passive ftp works, as expected.
then I insert ip_conntrack_ftp, and passive ftp still works.
then I insert ip_nat_irc and it stops.

then I tested with only ip_nat_irc loaded and ftp works fine.

So the problem occurs when ip_conntrack_ftp and ip_nat_irc is loaded at
the same time.

Does anyone have any ideas? need tcpdumps?

/Martin

The three best things about going to school are June, July, and August.