Hi,

I'm new to iptables firewalling and hope someone is able to give some advice. I'm using Red Hat 8.0 with proftpd as FTP server and iptables as firewall. I wrote a rule in iptables to open port 21. So connecting to my FTP server via active mode works just fine. But if a client which itself lies behind a firewall tries to use PASV mode, the connection doesn't work. I guess I need to put in a new iptables rule or something, because if I shut down iptables, PASV also works.

I read that I need to open port 20 and some ports like 64500:65535, and that I need to use ip_conntrack and ip_conntrack_ftp? Maybe someone has a HowTo?

Thanks,
Denis J.
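
The two rule sets the question is asking about, as an added example that is not part of the original post: with ip_conntrack_ftp loaded the passive data connection is accepted as RELATED, and without the helper the passive range has to be opened explicitly. The range 64500:65535 is the one quoted in the post and is assumed to match proftpd's PassivePorts setting; the function names `valid_range` and `ftp_rules` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the iptables commands so
# they can be reviewed first; apply as root with:  sh ftp-fw.sh helper | sh

# Passive range quoted in the post; assumed to match proftpd's PassivePorts.
PASV_RANGE="${PASV_RANGE:-64500:65535}"

# Succeeds only for "low:high" with 1024 <= low <= high <= 65535.
valid_range() {
    case "$1" in
        *[!0-9:]*|*:*:*|:*|*:|'') return 1 ;;
        *:*) ;;
        *) return 1 ;;
    esac
    lo=${1%%:*}; hi=${1##*:}
    [ "$lo" -ge 1024 ] && [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ]
}

# $1 = helper : ip_conntrack_ftp reads the PASV reply on port 21 and marks the
#               matching data connection RELATED, so no port range is opened.
# $1 = static : no helper available (or the control channel is encrypted and
#               cannot be parsed), so the passive range is opened explicitly.
ftp_rules() {
    valid_range "$PASV_RANGE" || { echo "bad PASV_RANGE: $PASV_RANGE" >&2; return 1; }
    case "$1" in
        helper) echo "modprobe ip_conntrack_ftp" ;;
        static) ;;
        *) echo "usage: ftp_rules helper|static" >&2; return 1 ;;
    esac
    # Packets of accepted connections, plus RELATED data connections.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # FTP control channel.
    echo "iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT"
    if [ "$1" = static ]; then
        # Passive data: clients connect in to the server's passive range.
        echo "iptables -A INPUT -p tcp --dport $PASV_RANGE -m state --state NEW -j ACCEPT"
    fi
    # Active-mode data connections start at the server (source port 20), so
    # they need no INPUT rule as long as the OUTPUT chain lets them out.
}

ftp_rules "${1:-helper}"
```

`-A` appends to the end of the chain, so if INPUT already ends in a catch-all REJECT or DROP rule these rules have to be inserted above it (`iptables -I`) to take effect.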