You must load insmod ip_conntrack_ftp, otherwise it won't work without it. You must also add a rule similar to this:

    iptables -A INPUT -p tcp -m state --state RELATED -j ACCEPT

You must use RELATED as the connection is related to an existing ftp session on port 21. ip_conntrack_ftp knows the connection and port you negotiated with the ftp server and allows it.

Hope that helps. There are so many scripts out there which show this info.

-----Original Message-----
From: Eric Constantineau [mailto:mekanik@xxxxxxxxx]
Sent: Fri 23-May-03 6:56 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Cc:
Subject: passive mode ftp
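
Added example, not part of the original thread and not netfilter code: a simplified Python model of the behaviour the reply attributes to ip_conntrack_ftp, reading the port from a passive-mode 227 reply on the control connection and marking only the matching data connection as RELATED. The ToyTracker class, the addresses and the sample reply are constructed for illustration.

```python
import re

# Constructed sample: reply a server sends on the control connection (port 21)
# after the client issues PASV. Address and port are made up for illustration.
SAMPLE_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"^227 \D*(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\D*$")


def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None if it is not valid."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # The data port is sent as two bytes: p1 * 256 + p2
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


class ToyTracker:
    """Hypothetical, simplified model of an FTP connection-tracking helper."""

    def __init__(self):
        self.expected = set()  # (client_ip, server_ip, data_port)

    def control_reply(self, client_ip, server_ip, line):
        """Inspect one server line seen on a tracked port-21 connection."""
        parsed = parse_pasv(line)
        # Assumption of this model: only expect a data connection to the
        # same server that sent the reply.
        if parsed and parsed[0] == server_ip:
            self.expected.add((client_ip, server_ip, parsed[1]))

    def classify_syn(self, src_ip, dst_ip, dst_port):
        """State a rule like '-m state --state RELATED' would match against."""
        key = (src_ip, dst_ip, dst_port)
        if key in self.expected:
            self.expected.discard(key)  # an expectation is used once
            return "RELATED"
        return "NEW"
```

A connection to any port that was not announced on the control channel stays NEW, which is why a RELATED rule is narrower than opening the whole high-port range.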