Page MenuHomePhabricator

FTP connection tracking slightly broken
Closed, ResolvedPublicBUG

Description

I upgraded a system from 1.1.8 to 1.2.0-rc7 and ftp connection tracking stopped working. The problem is easy enough to work around by running the following command anytime the router reboots:

echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper

However, this might be something to warn about?

Details

Difficulty level
Unknown (require assessment)
Version
1.2.0-rc7
Why the issue appeared?
Will be filled on close

Event Timeline

bmtauer created this task.Nov 14 2018, 3:51 PM
syncer assigned this task to dmbaturin.Nov 15 2018, 12:53 AM
syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc8); removed VyOS 1.2 Crux.
dmbaturin closed this task as Resolved.Nov 18 2018, 2:46 PM

Unfortunately this is still not enabled in 1.2.0-rc8.

My guess at the problem is maybe the nf_conntrack_helper module is being loaded after the sysctl.d settings have already been applied? I found a workaround by adding the following to /config/scripts/vyatta-postconfig-bootup.script

Enable conntrack helper

modprobe nfnetlink_cthelper
echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper

pasik added a subscriber: pasik.Nov 20 2018, 8:20 AM