firewall: fix nat module load for application layer gateways
authorArne Fitzenreiter <arne_f@ipfire.org>
Wed, 20 Apr 2016 08:19:46 +0000 (10:19 +0200)
committerArne Fitzenreiter <arne_f@ipfire.org>
Wed, 20 Apr 2016 08:19:46 +0000 (10:19 +0200)
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
config/rootfiles/core/101/filelists/files
src/initscripts/init.d/firewall

index 0f75ac841d11ee44ee48d9bf29fe960aede66a4f..32b333e9c3d60c49b4010e18ddbfc634378fb547 100644 (file)
@@ -1,5 +1,6 @@
 etc/system-release
 etc/issue
+etc/rc.d/init.d/firewall
 srv/web/ipfire/cgi-bin/chpasswd.cgi
 srv/web/ipfire/cgi-bin/ipinfo.cgi
 srv/web/ipfire/cgi-bin/proxy.cgi
index cb52670d6a5e42c5dbf7fd809fd1350d66a8a00d..be69fbe6adde0056d45cbc311bac48320e6c0854 100644 (file)
@@ -98,6 +98,7 @@ iptables_init() {
 
        # SIP
        if [ "${CONNTRACK_SIP}" = "on" ]; then
+               modprobe nf_nat_sip
                iptables -A CONNTRACK -m conntrack --ctstate RELATED \
                        -m helper --helper sip -j ACCEPT
                for proto in udp tcp; do
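Review bot: The added `modprobe nf_nat_sip` ignores its exit status, and the same applies to the `modprobe` lines added in the H.323, FTP, PPTP, TFTP, IRC and Amanda hunks. If a module is missing from the running kernel, the script still appends the CONNTRACK accept rule, so the gateway looks enabled while NATed sessions fail and the only trace is whatever modprobe prints to stderr. Consider reporting the failure explicitly, for example `modprobe nf_nat_sip || logger -t firewall "nf_nat_sip could not be loaded"`, or with whatever message helper the rest of this script uses. The `if` block and the `for` loop continue outside the hunk.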
@@ -107,6 +108,7 @@ iptables_init() {
 
        # H.323
        if [ "${CONNTRACK_H323}" = "on" ]; then
+               modprobe nf_nat_h323
                iptables -A CONNTRACK -m conntrack --ctstate RELATED \
                        -m helper --helper h323 -j ACCEPT
 
@@ -119,6 +121,7 @@ iptables_init() {
 
        # FTP
        if [ "${CONNTRACK_FTP}" = "on" ]; then
+               modprobe nf_nat_ftp
                iptables -A CONNTRACK -m conntrack --ctstate RELATED \
                        -m helper --helper ftp -p tcp --dport 1024: -j ACCEPT
                iptables -t raw -A CONNTRACK -p tcp --dport 21 -j CT --helper ftp
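Review bot: The new `modprobe nf_nat_ftp` has no visible counterpart for the case where `CONNTRACK_FTP` is not "on", so a module loaded on an earlier run appears to stay in the kernel after the gateway is switched off; the other six hunks follow the same pattern. These helpers parse and rewrite application payloads, so leaving them resident keeps kernel attack surface that the setting suggests has been removed. How much this matters depends on how iptables_init is re-run and on whether automatic helper assignment is disabled, neither of which is visible here. At minimum I would document it next to the new line, e.g. `# NAT helper is not unloaded when this option is switched off again; a reboot is needed to remove it`. The `if` block continues outside the hunk.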
@@ -126,6 +129,7 @@ iptables_init() {
 
        # PPTP
        if [ "${CONNTRACK_PPTP}" = "on" ]; then
+               modprobe nf_nat_pptp
                iptables -A CONNTRACK -m conntrack --ctstate RELATED \
                        -m helper --helper pptp -j ACCEPT
                iptables -t raw -A CONNTRACK -p udp --dport 1723 -j CT --helper pptp
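Review bot: The newly loaded nf_nat_pptp only acts on connections the pptp helper is attached to, and the rule that attaches it in this hunk matches `-p udp --dport 1723`, while the PPTP control channel runs over TCP port 1723. If the kernel helper is registered for TCP, as I believe it is, the helper is never attached and the module load added here changes nothing for PPTP clients behind NAT; the line would need to read `iptables -t raw -A CONNTRACK -p tcp --dport 1723 -j CT --helper pptp`. The Amanda hunk has a similar mismatch: its raw-table rule uses `-p tcp` with no `--dport`, whereas the amanda helper is, to my knowledge, registered for UDP port 10080, and a rule without a port attaches the helper far more widely than the other gateways do. Both lines are unchanged context, so this is better handled in a follow-up commit once the protocols are confirmed against the kernel helpers.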
@@ -133,6 +137,7 @@ iptables_init() {
 
        # TFTP
        if [ "${CONNTRACK_TFTP}" = "on" ]; then
+               modprobe nf_nat_tftp
                iptables -A CONNTRACK -m conntrack --ctstate RELATED \
                        -m helper --helper tftp -j ACCEPT
                iptables -t raw -A CONNTRACK -p udp --dport 69 -j CT --helper tftp
@@ -140,6 +145,7 @@ iptables_init() {
 
        # IRC
        if [ "${CONNTRACK_IRC}" = "on" ]; then
+               modprobe nf_nat_irc
                iptables -A CONNTRACK -m conntrack --ctstate RELATED \
                        -m helper --helper irc -j ACCEPT
                iptables -t raw -A CONNTRACK -p tcp --dport 6667 -j CT --helper irc
@@ -147,6 +153,7 @@ iptables_init() {
 
        # Amanda
        if [ "${CONNTRACK_AMANDA}" = "on" ]; then
+               modprobe nf_nat_amanda
                iptables -A CONNTRACK -m conntrack --ctstate RELATED \
                        -m helper --helper amanda -j ACCEPT
                iptables -t raw -A CONNTRACK -p tcp -j CT --helper amanda