As anyone who has worked with Linux, iptables, and ftp knows, firewalls and ftp can cause issues. I already knew that if I was using iptables I should use the ip_conntrack_ftp kernel module, so I had added "insmod ip_conntrack_ftp" to the /etc/rc.local file so it was inserted at boot. However, what I didn't think about was that when you restart iptables, it unloads the ip_conntrack_ftp module but does not add it back. So I made a change to the firewall, restarted iptables, and ftp access to the box was broken. The fix for me was to edit /etc/rc.d/init.d/iptables and add ip_conntrack_ftp to the line IPTABLES_MODULES="" like so: IPTABLES_MODULES="ip_conntrack_ftp". Now when I restart iptables the connection tracking gets reloaded and everyone is happy.
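A post-change check for the situation described above, as an added example that is not part of the original post: it confirms that ip_conntrack_ftp is listed in IPTABLES_MODULES and is actually loaded after an iptables restart. The function names and the sample files are assumptions made for illustration; the files to inspect are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
MODULE="ip_conntrack_ftp"

# Print the value of the last uncommented IPTABLES_MODULES= assignment in file $1.
configured_modules() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed if $MODULE is one of the space-separated modules configured in file $1.
module_configured() {
    for m in $(configured_modules "$1"); do
        [ "$m" = "$MODULE" ] && return 0
    done
    return 1
}

# Succeed if $MODULE is listed in file $1, which is in /proc/modules format.
module_loaded() {
    awk -v m="$MODULE" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# check_ftp_conntrack CONFIG_FILE [MODULES_FILE]
# Returns 0 = configured and loaded, 1 = configured but not loaded,
# 2 = not configured (the module will be lost on the next iptables restart).
check_ftp_conntrack() {
    conf="$1"; mods="${2:-/proc/modules}"
    if ! module_configured "$conf"; then
        echo "FAIL: $MODULE not in IPTABLES_MODULES ($conf)"; return 2
    fi
    if ! module_loaded "$mods"; then
        echo "WARN: $MODULE configured but not currently loaded"; return 1
    fi
    echo "OK: $MODULE configured and loaded"; return 0
}

# Constructed sample input (not from a real host): the line before and after the fix.
tmp=$(mktemp -d)
printf 'IPTABLES_MODULES=""\n' > "$tmp/before"
printf 'IPTABLES_MODULES="ip_conntrack_ftp"\n' > "$tmp/after"
printf 'ip_conntrack_ftp 11569 0 - Live 0xf8a1c000\n' > "$tmp/modules"
check_ftp_conntrack "$tmp/before" "$tmp/modules" || true
check_ftp_conntrack "$tmp/after" "$tmp/modules"
```

On a live system, call check_ftp_conntrack with the file that holds the IPTABLES_MODULES line right after restarting iptables; the second argument defaults to /proc/modules.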
Learned Something New