Thanks Antony, I got it. Once nat and conntrack helpers are implemented correctly, I don't have to worry about it anymore :-)

There is one last thing, though (I promise it's the last one ;-) When I said that only port 21 is open, I meant that on the router machine only this port accepts NEW client connections. The other ports will accept only ESTABLISHED and RELATED. I defined this in my INPUT rules.

Do I need to accept NEW client connections to port 20 as well? I know it's used for active FTP, and I thought an FTP client never sends NEW to port 20, only ESTABLISHED. What do you think?

I appreciate your help