Enhancement #2937
Enable passive mode fax submission
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-hylafax | |||
Target version: | v6.5 | |||
Resolution: | NEEDINFO: | No |
Description
hylafax protocol is very similar to ftp. It supports passive connections, but nethserver firewall should open the relevant dynamic port.
Some clients support only passive ftp (active has issues with personal firewalls) and can't connect with nethserver.
Associated revisions
add ftp_conntarck module config. Refs #2937
Merge branch 'filippocarletti-b2937'. Refs #2937
add nf_conntrack_ftp to lokkit. Refs #2937
History
#1 Updated by Filippo Carletti almost 7 years ago
To dynamically open nethserver firewall for passive ftp, we need to adjust connection tracking ftp helper configuration, declaring port 4559.
echo "options nf_conntrack_ftp ports=21,4559" >/etc/modprobe.d/hylafax.conf
#2 Updated by Filippo Carletti almost 7 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#3 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Filippo Carletti
- % Done changed from 20 to 30
#4 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
Merged from Github.
#5 Updated by Filippo Carletti almost 7 years ago
- make sure nethserver-firewall-base is not installed
ftp server 4559
ls -> success: see hylafax files
pass
ls -> fail:
227 Entering passive mode (192,168,1,x, 206,40)
ftp: connect: No route to host
--Update and reboot--
ftp server 4559
pass
ls -> success: see hylafax files
- Install nethserver-firewall-base
- Repeat tests above.
Note: to avoid reboot (but a reboot test would be good):
modprobe -r nf_conntrack_ftp modprobe nf_conntrack_ftp
- Install nethserver-vsftpd
ftp server
ls
pass
ls
#6 Updated by Giacomo Sanchietti almost 7 years ago
- Assignee changed from Filippo Carletti to Giacomo Sanchietti
#7 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
- nethserver-hylafax-1.0.9-2.0git7dcd382b.ns6.noarch.rpm
#8 Updated by Giacomo Sanchietti almost 7 years ago
- Assignee set to Giacomo Sanchietti
#9 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from ON_QA to TRIAGED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 20
To enable hylafax access, add your IP to /var/spool/hylafax/etc/hosts.hfaxd
:
echo 192.168.5.246 >> /var/spool/hylafax/etc/hosts.hfaxd service hylafax restart
Test case 1: FAILED
- After installing, the kernel module is not loaded
- The module is not loaded even if after an ftp connection
- The module is no loaded after reboot
Test case 2: SUCCESS
- FTP passive mode on port 4559 work after installing package and after reboot
#10 Updated by Giacomo Sanchietti almost 7 years ago
You should create a fragment for lokkit configuration, something like:
cat /etc/e-smith/templates/etc/sysconfig/system-config-firewall/90hylafax --addmodule=ip_conntrack_ftp
#11 Updated by Filippo Carletti almost 7 years ago
Fragment added. See pull request.
#12 Updated by Giacomo Sanchietti almost 7 years ago
- Assignee set to Filippo Carletti
#13 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from TRIAGED to ON_DEV
- % Done changed from 20 to 30
#14 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee changed from Filippo Carletti to Giacomo Sanchietti
- % Done changed from 30 to 60
Merged from Github.
#15 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
- nethserver-hylafax-1.0.9-4.0git693abb4c.ns6.noarch.rpm
#16 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 90
Test case 1
- FTP in passive mode works fine
- Conntrack module is loaded
[root@localhost ~]# lsmod | grep conntrack_ftp nf_conntrack_ftp 12913 0 nf_conntrack 79758 4 nf_conntrack_ipv6,nf_conntrack_ftp,nf_conntrack_ipv4,xt_state
- After reboot the module is loaded
Test case 2
- All works fine (see previous note)
- After reboot the module is loaded
#17 Updated by Giacomo Sanchietti almost 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
- nethserver-hylafax-1.0.10-1.ns6.noarch.rpm