FIAIF "breaking" WU ftp server's DIR command?

Paul Bijnens
Tue Jan 7 17:14:28 CET 2003

Benton Roberts wrote:
> Hello, all.
> I have been using FIAIF v.1.2.1-1 on RedHat 7.3 for a while now, and have
> been quite happy with it. However, I recently installed wu-ftpd (on the same
> computer as FIAIF), and discovered a problem with any ftp clients in the
> 'EXT' zone. Specifically, they can't use the 'DIR' command to list the files
> on the ftp server. The ftp clients can log in, and can 'CD' to a directory,
> but when a 'DIR' request is issued, my system logs start showing dropped
> packet log entries like the following:
> Jan  7 10:34:16 myhostname kernel: DROP:IN=eth0 OUT=
> MAC=00:90:27:de:27:0f:00:e0:1e:5d:f7:7c:08:00 SRC=
> DST=<> LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=47731 DF
> PROTO=TCP SPT=4719 DPT=44609 WINDOW=32768 RES=0x00 SYN URGP=0

You should load the ip_conntrack_ftp kernel module (and if you are using 
NAT, also load the ip_nat_ftp module), and then it's all handled as
related traffic.  (Well, it worked for me...)
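
Added example, not part of the original post: the dropped packet in the quoted log is an inbound SYN to a high port, which is what a passive-mode FTP data connection looks like, and an FTP connection-tracking helper lets it through by reading the port out of the server's `227` reply on the control channel. The Python sketch below does that correlation by hand for diagnosis; the `227` reply, the documentation addresses 192.0.2.10 and 198.51.100.7, and all function names are constructed assumptions (the SRC and DST values are blank in the post's log).

```python
import re

# Constructed sample data. The log line follows the format quoted in the post;
# 192.0.2.10 (server) and 198.51.100.7 (client) are documentation addresses.
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,174,65)"
DROP_LOG = (
    "Jan  7 10:34:16 myhostname kernel: DROP:IN=eth0 OUT= "
    "SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=47 DF "
    "PROTO=TCP SPT=4719 DPT=44609 WINDOW=32768 RES=0x00 SYN URGP=0"
)

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None if it is not one."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # The last two numbers are the high and low byte of the data port.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def parse_drop(line):
    """Extract KEY=VALUE fields and bare flags (SYN, DF) from a kernel log line."""
    _, _, body = line.partition("DROP:")
    fields, flags = {}, set()
    for tok in body.split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val
        else:
            flags.add(tok)
    return fields, flags


def is_expected_data_conn(reply, client_ip, line):
    """True if the dropped SYN is the data connection the 227 reply announced."""
    expected = parse_pasv(reply)
    fields, flags = parse_drop(line)
    if expected is None or fields.get("PROTO") != "TCP" or "SYN" not in flags:
        return False
    return (fields.get("SRC"), fields.get("DST"), fields.get("DPT")) == (
        client_ip, expected[0], str(expected[1]))
```

A match means the firewall dropped a connection the server itself had just announced, which is the case the helper module turns into related traffic; the source port (SPT) is deliberately not compared because the reply does not announce it.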

