iptables fails to load nf_conntrack_ftp
Try issuing the following:
modprobe ip_conntrack & modprobe ip_conntrack_ftp
Then substitute nf_conntrack_ftp
with ip_conntrack_ftp
in your iptables configuration.
Related videos on Youtube
user1780242
Updated on September 18, 2022Comments
-
user1780242 almost 2 years
I have recently had to rebuild my iptables configuration and when I run
service iptables restart
I now receive the following error line:
iptables: Loading additional modules: nf_conntrack_ftp [FAILED]
My iptables-config file includes the following line:
IPTABLES_MODULES="nf_conntrack_ftp"
When I run modprobe nf_conntrack_ftp the response is:
FATAL: Module nf_conntrack_ftp not found.
Here's my iptables file:
Table: mangle Chain PREROUTING (policy ACCEPT) num target prot opt source destination
Chain INPUT (policy ACCEPT) num target prot opt source
destination 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:8447 2 ACCEPT tcp -- 0.0.0.0/0
0.0.0.0/0 state NEW tcp dpt:8443Chain FORWARD (policy ACCEPT) num target prot opt source
destinationChain OUTPUT (policy ACCEPT) num target prot opt source
destinationChain POSTROUTING (policy ACCEPT) num target prot opt source
destinationTable: filter Chain INPUT (policy DROP) num target prot opt source destination 1 ACCEPT all -- 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED 2 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 3 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW 4 DROP tcp -- 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x3F 5 ACCEPT all -- 0.0.0.0/0
0.0.0.0/0 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
tcp dpt:443 8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
tcp dpt:25 9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
tcp dpt:995 10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
tcp dpt:143 11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
tcp dpt:993 12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
tcp dpt:22 13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
tcp dpt:110 14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
tcp dpt:465 15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
tcp dpt:8181 16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0
tcp dpt:8443 17 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0Chain FORWARD (policy ACCEPT) num target prot opt source
destinationChain OUTPUT (policy ACCEPT) num target prot opt source
destinationIt seems nf_conntrack_ftp isn't loading -- how do I load this?
-
Craig Miskell over 9 yearsLast time I saw something similar, it was on Ubuntu, and someone had uninstalled the current kernel package, thus removing the module from /lib/modules/<version>/. Is this perhaps what's happened here?
-
Michael Hampton over 9 yearsPlease post the output of the
virt-what
command (install it if it isn't present). -
Michael Hampton over 9 yearsYou'll need to contact your VPS provider, then.
-
Zdenek about 6 yearsMy understanding is that nf_conntrack_ftp operates on its own without needing any iptables config. Try
lsmod | grep conntrack
to see if it's loaded; if not, find the file on your drive (it may have the.ko
extension), change to that directory and use insmod or modprobe on that file including any extension. Check/etc/modules-load.d/nf_conntrack_ftp.conf
for any mistakes. If the file doesn't exist, it will simply monitor port 21.
-
-
user1780242 almost 8 yearsIf you would kindly delete your response, I would like to delete my question. Thanks for the help.
-
Timo over 3 yearsI get the error with
ufw enable
, what can I do?