Yep, my config is very similar, i.e.:
iptables -N block
iptables -A block -i $ifInt0 -j ACCEPT
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -j DROP

iptables -A INPUT -i $ifWan0 -j services
iptables -A FORWARD -i $ifWan0 -j services
iptables -A INPUT -j block
iptables -A FORWARD -j block
I also added this (do I really need it? In my config I'm allowing everything from inside anyway):
iptables -A block -m state --state NEW -i ! $ifWan0 -j ACCEPT
after ESTABLISHED,RELATED but still can do active FTP
"services" is for giving access to well-known services... I'm not using NAT
I am not sure what's wrong.
Are you running an FTP server or just trying to access one on the internet from behind the firewall?
Andy.
<snip>
_______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/