Page MenuHomeVyOS Platform
Create Task
Maniphest T1011

FTP connection tracking slightly broken
Closed, ResolvedPublicBUG
Actions

Description

I upgraded a system from 1.1.8 to 1.2.0-rc7 and ftp connection tracking stopped working. The problem is easy enough to work around by running the following command anytime the router reboots:

echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper

However, this might be something to warn about?

Details

Difficulty level
Unknown (require assessment)
Version
1.2.0-rc7
Why the issue appeared?
Will be filled on close

Related Objects
Search...

Event Timeline

bmtauer created this task.Nov 14 2018, 3:51 PM
syncer assigned this task to dmbaturin.Nov 15 2018, 12:53 AM
syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc8); removed VyOS 1.2 Crux.
dmbaturin closed this task as Resolved.Nov 18 2018, 2:46 PM
bmtauer added a comment.Nov 20 2018, 1:53 AM

Unfortunately this is still not enabled in 1.2.0-rc8.

My guess at the problem is maybe the nf_conntrack_helper module is being loaded after the sysctl.d settings have already been applied? I found a workaround by adding the following to /config/scripts/vyatta-postconfig-bootup.script

Enable conntrack helper

modprobe nfnetlink_cthelper
echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper

pasik added a subscriber: pasik.Nov 20 2018, 8:20 AM
syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-rc8) board.Nov 20 2018, 12:45 PM
dmbaturin added a parent task: T1141: Conntrack helpers are no longer active by default.Dec 31 2018, 8:09 AM
dmbaturin mentioned this in T1141: Conntrack helpers are no longer active by default.Dec 31 2018, 8:38 AM
dmbaturin edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-EPA2); removed VyOS 1.2 Crux (VyOS 1.2.0-rc8).Dec 31 2018, 11:31 AM
syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-EPA2) board.Jan 3 2019, 1:54 PM
syncer added a project: VyOS-1.2.0-GA.Jan 25 2019, 2:38 PM