I'm having a problem with ftp. My ftp-data is not passing through my firewall. I have configured the firewall for MASQ and ALL policies are set to ACCEPT (I know, unsecure, I'm just trying to get it to work first). Anyway, I have ip_conntrack_ftp loaded and I can connect through the firewall and pwd, but of course when I ls or do a data transfer I get errors.

ftp client error: Illegal PORT command or data connection refused.
And dmesg says max number of expected connections.

My iptables lists look like this:

bash-2.05# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

bash-2.05# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  anywhere             anywhere           to:x.x.x.x

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

lsmod:

bash-2.05# lsmod
Module                  Size  Used by
ip_conntrack_ftp        3856   0 (unused)
vhub                    9664   0 (unused)
iptable_nat            14432   1 (autoclean)
ip_conntrack           16656   2 (autoclean) [ip_conntrack_ftp iptable_nat]
iptable_filter          1760   1 (autoclean)
via-rhine              12768   1
eepro100               18432   1
mii                     2160   0 [via-rhine eepro100]
pcmcia_core            40608   0
doc                   146464   1

Why does my ftp data still get blocked/dropped? If I switch the ftp client to passive it works fine, but I need it to work both ways...

Britt Tabor
Edge Access, Inc.
btabor@xxxxxxxxxxxxxx
http://www.edgeaccess.net
813.594.6142 Voice
813.249.1126 Fax