Enhancement #2937

Enable passive mode fax submission

Added by Filippo Carletti almost 7 years ago. Updated almost 7 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-hylafax
Target version:v6.5
Resolution: NEEDINFO:No

Description

hylafax protocol is very similar to ftp. It supports passive connections, but nethserver firewall should open the relevant dynamic port.
Some clients support only passive ftp (active has issues with personal firewalls) and can't connect with nethserver.

Associated revisions

Revision 26eb130f
Added by Filippo Carletti almost 7 years ago

add ftp_conntarck module config. Refs #2937

Revision 7dcd382b
Added by Giacomo Sanchietti almost 7 years ago

Merge branch 'filippocarletti-b2937'. Refs #2937

Revision 96f1c006
Added by Filippo Carletti almost 7 years ago

add nf_conntrack_ftp to lokkit. Refs #2937

History

#1 Updated by Filippo Carletti almost 7 years ago

To dynamically open nethserver firewall for passive ftp, we need to adjust connection tracking ftp helper configuration, declaring port 4559.

echo "options nf_conntrack_ftp ports=21,4559" >/etc/modprobe.d/hylafax.conf

#2 Updated by Filippo Carletti almost 7 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#3 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Filippo Carletti
  • % Done changed from 20 to 30

#4 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

Merged from Github.

#5 Updated by Filippo Carletti almost 7 years ago

Test cases:
  • make sure nethserver-firewall-base is not installed

ftp server 4559
ls -> success: see hylafax files
pass
ls -> fail:
227 Entering passive mode (192,168,1,x, 206,40)
ftp: connect: No route to host

--Update and reboot--

ftp server 4559
pass
ls -> success: see hylafax files

  • Install nethserver-firewall-base
  • Repeat tests above.

Note: to avoid reboot (but a reboot test would be good):

modprobe -r nf_conntrack_ftp
modprobe nf_conntrack_ftp

  • Install nethserver-vsftpd
    ftp server
    ls
    pass
    ls

#6 Updated by Giacomo Sanchietti almost 7 years ago

  • Assignee changed from Filippo Carletti to Giacomo Sanchietti

#7 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-hylafax-1.0.9-2.0git7dcd382b.ns6.noarch.rpm

#8 Updated by Giacomo Sanchietti almost 7 years ago

  • Assignee set to Giacomo Sanchietti

#9 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from ON_QA to TRIAGED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 20

To enable hylafax access, add your IP to /var/spool/hylafax/etc/hosts.hfaxd:

echo 192.168.5.246 >> /var/spool/hylafax/etc/hosts.hfaxd
service hylafax restart

Test case 1: FAILED

  • After installing, the kernel module is not loaded
  • The module is not loaded even if after an ftp connection
  • The module is no loaded after reboot

Test case 2: SUCCESS

  • FTP passive mode on port 4559 work after installing package and after reboot

#10 Updated by Giacomo Sanchietti almost 7 years ago

You should create a fragment for lokkit configuration, something like:

cat /etc/e-smith/templates/etc/sysconfig/system-config-firewall/90hylafax
--addmodule=ip_conntrack_ftp

#11 Updated by Filippo Carletti almost 7 years ago

Fragment added. See pull request.

#12 Updated by Giacomo Sanchietti almost 7 years ago

  • Assignee set to Filippo Carletti

#13 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from TRIAGED to ON_DEV
  • % Done changed from 20 to 30

#14 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee changed from Filippo Carletti to Giacomo Sanchietti
  • % Done changed from 30 to 60

Merged from Github.

#15 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-hylafax-1.0.9-4.0git693abb4c.ns6.noarch.rpm

#16 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

Test case 1

  • FTP in passive mode works fine
  • Conntrack module is loaded
    [root@localhost ~]# lsmod | grep conntrack_ftp
    nf_conntrack_ftp       12913  0 
    nf_conntrack           79758  4 nf_conntrack_ipv6,nf_conntrack_ftp,nf_conntrack_ipv4,xt_state
    
  • After reboot the module is loaded

Test case 2

  • All works fine (see previous note)
  • After reboot the module is loaded

#17 Updated by Giacomo Sanchietti almost 7 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-updates:
  • nethserver-hylafax-1.0.10-1.ns6.noarch.rpm

Also available in: Atom PDF