I've been struggling with my firewall and getting vsftp to work in passive mode. It seems that everything on this hosting server works just fine without the eth0 entry in my iptables except for vsftp in passive. Am I opening up too much by adding the eth0 line? -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT <---- THIS ENTRY -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 20 --state NEW -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 21 --state NEW -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 25 --state NEW -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 110 --state NEW -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 443 --state NEW -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 465 --state NEW -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 587 --state NEW -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 995 --state NEW -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 5561 --state NEW -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited TIA! John Hinton