I’m experimenting with Hylafax on my ARM server. I got a seemingly working USB fax (Atlantis Land a01-pu3 v1.2) and I’m playing with it.
Hylafax has no problem recognizing the modem, and at first I opened port 4559 on the Hylafax server to permit communication with the Hylafax client.
Unfortunately it didn’t work. Disabling the firewall (ufw) got me in the right direction, as the client worked again. I thus discovered that Hylafax uses the FTP protocol on a non-standard port to communicate with the client. Opening the main port (4559 in Hylafax’s case) therefore won’t help by itself.
To make a long story short: if you use ufw, afaik you cannot pass the FTP ports to the nf_conntrack_ftp module, since you can only uncomment and specify the modules to load:
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc"
The only way out I see, without messing with the ufw script and in a way that survives a reboot, is to open the Hylafax server port on ufw:
4559 ALLOW Anywhere
and specify the Hylafax port in /etc/modprobe.d/options:
options nf_conntrack_ftp ports=21,4559
Rebooting, or removing the module with modprobe -r and then disabling and enabling ufw again with:
$ sudo ufw disable
$ sudo ufw enable
reloads the module with the non-standard port. Now nf_conntrack_ftp knows it also has to track port 4559, and the Hylafax client works again without disabling the firewall or installing shorewall (shorewall has an option to specify non-standard ports).
Using modprobe.d/options seems to be somewhat deprecated but it works for now so I think I will live with it.
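A check for the procedure above, added here as an example and not part of the original post: it reports whether the port is present in the modprobe configuration and whether the currently loaded module was actually loaded with it (the case where the file was edited but the module not yet reloaded). The function names and return codes are hypothetical; it assumes the option sits in a file under /etc/modprobe.d and that the loaded value is exposed at /sys/module/nf_conntrack_ftp/parameters/ports.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# helper_ports_from_conf DIR: print the ports= value configured for
# nf_conntrack_ftp in the files under DIR (assumption: last value seen wins).
helper_ports_from_conf() {
    dir=$1
    cat "$dir"/* 2>/dev/null | awk '
        $1 == "options" && $2 == "nf_conntrack_ftp" {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^ports=/) { v = $i; sub(/^ports=/, "", v); last = v }
        }
        END { if (last != "") print last }'
}

# port_in_list PORT LIST: succeed only on an exact match in a comma-separated
# list, so 455 does not match 4559.
port_in_list() {
    case ",$2," in
        *",$1,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_helper_port PORT CONF_DIR SYSFS_FILE
# returns 0 = tracked, 1 = missing from config, 2 = module not loaded or
# parameter unreadable, 3 = module loaded with stale ports (reload needed)
check_helper_port() {
    port=$1; conf_dir=$2; sysfs=$3
    configured=$(helper_ports_from_conf "$conf_dir" || true)
    if ! port_in_list "$port" "$configured"; then
        echo "config: port $port not listed (found: ${configured:-none})"
        return 1
    fi
    if [ ! -r "$sysfs" ]; then
        echo "module: nf_conntrack_ftp not loaded or parameter unreadable"
        return 2
    fi
    loaded=$(cat "$sysfs")
    if ! port_in_list "$port" "$loaded"; then
        echo "module: loaded with ports=$loaded, reload it as described above"
        return 3
    fi
    echo "ok: nf_conntrack_ftp is tracking port $port"
}

# Usage (the sysfs parameter may be readable by root only):
#   check_helper_port 4559 /etc/modprobe.d /sys/module/nf_conntrack_ftp/parameters/ports
```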
Thanks gdavidvlk for pointing me in the right direction.
Update (23/10/2010): this also works on the client. Instead of opening everything toward the Hylafax server to allow incoming connections, just follow the steps above on the client as well.