This:

    iptables -A FORWARD -i internal-interface -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -j DROP

doesn't seem to work for active-ftp. I even manually loaded ip_conntrack_ftp, but as you see it is unused:

    # lsmod
    Module                  Size  Used by    Not tainted
    ip_conntrack_ftp        4272   0  (unused)
    iptable_nat            17468   0  (autoclean) (unused)
    ipt_state                568   3  (autoclean)
    ip_conntrack           20616   3  (autoclean) [ip_conntrack_ftp iptable_nat ipt_state]
    ipt_LOG                 3352   1  (autoclean)
    ipt_limit               1016   1  (autoclean)
    iptable_filter          1708   1  (autoclean)
    ip_tables              12408   7  [iptable_nat ipt_state ipt_LOG ipt_limit iptable_filter]
    ......

Any idea why it doesn't work? passive-ftp is OK.