[Chilli] Coova and FTP
Iacopo Spalletti
serverinfo at iast.it
Mon May 17 17:40:58 UTC 2010
Hi, I'm trying to set up the firewall on a Coova board, but apparently Coova
doesn't get along well with the FTP conntrack module in Linux.
I have a Shorewall-based firewall on the same host as Coova which is basically
configured to block every connection except some destination ports (HTTP and
such).
As for the FTP protocol, rules are based on the conntrack helper, but apparently it
can't detect connections routed via Coova; this is the Shorewall error message:
Shorewall:wlan2net:REJECT:IN=tun0 OUT=eth3 SRC=10.34.0.2 DST=$DEST_IP LEN=60
TOS=0x00 PREC=0x00 TTL=63 ID=51861 DF PROTO=TCP SPT=41279 DPT=65162
WINDOW=5840 RES=0x00 SYN URGP=0
Where $DEST_IP is the FTP server on the internet, and the destination port is
the passive FTP.
I've tried both svn (rev 322) and 1.2.2 version with no success; I also tried
enabling the NOTRACK options in
Any hint?
BTW: Disabling Coova makes FTP work, and nf_conntrack_ftp is loaded correctly
in both cases.
--
Regards
Iacopo Spalletti