(extremely heavily snipped... :^)

On Wednesday 05 February 2003 09:50 pm, mpboden wrote:
> Basically, my problem centers around connecting to my ftp server from
> the internet. To start, I've installed wu-ftpd and have the ftp server
> operating properly when connecting to it via my internal network. I
> can have guest users log in successfully and upload/download properly.
> However, with the current iptables ruleset in place, no one can
> connect to the server from the internet. The packets are being dropped
> immediately, and users are not even being prompted to enter in their
> user name and password; they get a connection timed out error. As a

> $IPTABLES -A INPUT -i $INTIF -s $INTNET -d $UNIVERSE -j ACCEPT

> $IPTABLES -A INPUT -i $EXTIF -p tcp --sport 21 -m state --state
> NEW,ESTABLISHED -j ACCEPT

The (real) short answer. The first rule above accepts any connection
from the LAN, including FTP. The second one should be "--dport 21" to
accept FTP connections FROM the internet. (You probably DON'T want to
accept NEW connections FROM port 21 anyway...)

The LONG answer is in a private email. :^)

j
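
The --sport/--dport mix-up discussed in this message, as an added example that is not part of the original post: a small shell check that reads iptables rule lines and flags INPUT rules that ACCEPT NEW connections selected only by source port. The function names audit_rules and count_flagged are hypothetical, and the sample ruleset is constructed from the two quoted rules plus the corrected one.

```shell
#!/bin/sh
# Added example: audit a ruleset for inbound ACCEPT rules keyed on source port.
# An inbound service rule should match the destination port (--dport); the
# source port of an incoming connection is chosen by the remote side.

# Constructed sample: the two rules quoted in the thread plus the corrected one.
SAMPLE_RULES='$IPTABLES -A INPUT -i $INTIF -s $INTNET -d $UNIVERSE -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp --sport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT'

# audit_rules (hypothetical helper): read rule lines on stdin and print
# "LINE_NO: rule" for every suspicious rule.
audit_rules() {
    awk '
        /^[ \t]*#/ { next }    # skip comment lines
        {
            chain = ""; sport = 0; dport = 0; accept = 0; is_new = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-A") chain = $(i + 1)
                if ($i == "--sport" || $i == "--source-port") sport = 1
                if ($i == "--dport" || $i == "--destination-port") dport = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
                if ($i == "--state" && $(i + 1) ~ /(^|,)NEW(,|$)/) is_new = 1
            }
            # Flag inbound ACCEPT of NEW connections selected only by source port.
            if (chain == "INPUT" && accept && is_new && sport && !dport)
                printf "%d: %s\n", NR, $0
        }
    '
}

# count_flagged (hypothetical helper): number of flagged rules in the text in $1.
count_flagged() {
    printf '%s\n' "$1" | audit_rules | wc -l | tr -d ' '
}

# Report on the constructed sample; only the --sport 21 rule is listed.
printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

The check works on the text of a firewall script, so it can be run against a ruleset file before the rules are loaded.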