Kristof Hardy schrieb:>
> Hello ,
>
> Regarding a previous post in this group. (see below)
> Does anyone know how I can change the options for ipnat_ftp or
> ip_conntrack_ftp when I don''t load them as modules but have them
> compiled in the kernel?
>
> I''ve been looking on google since long now, but can''t
seem to find it.
>
> Any idea, anyone? I have added these ''options'' and did a
network
> restart, but it doesn''t seem to work. Maybe I have to restart ? Or
put
> the options somewhere else?
AFAIK if not loading as a module, you can only set this at compile time
or via kernel parameter. Maybe I''m completely wrong but IIRC
it''s not
possible to do it on the fly.
Simon
>
> >> As of know I have to leave ports 2000-2100 open, my ftp server
uses
> >> those for pasv connections, Id rather use the ip_conntrack_ftp
> >> Option tho. Is it of any matter that my ftp server uses a non
> >> standard port (24562) ??
> >Er -- just how do you think ip_conntrack_ftp knows that port 24562 is
FTP
> > unless you tell it?
> >In /etc/modules.conf (or whatever your distro calls it), add:
> >options ip_nat_ftp ports=3D21,24562
> >options ip_conntrack_ftp ports 21,24562
> >And, you will have to unload/reload those two modules.
>
> Oh yeah, reason why I''m asking this, I''d like to put some
DMZ
> ftp-servers on a different port then 21.
>
> Thanks in advance..
>
> --
> Best regards,
> Kristof mailto:kristof.hardy@catsanddogs.com
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://www.shorewall.net/mailman/listinfo/shorewall-users