Hello Everyone,

I just have a few "entry-level" questions:

#1 Just installed Redhat AS, and can't figure out why vsftpd doesn't work in passive mode. I have NEW tcp packets with --dport 21 -j to ACCEPT, and the following line

-m state --state ESTABLISHED,RELATED -j ACCEPT

that should jump RELATED ftp packets to accept too... ?right?? Well it doesn't work.

#2 Disclaimer: this one is VAIN... after messing around with the nat table, I took out any reference to the nat table from my /etc/sysconfig/iptables but when I `/sbin/service iptables status` the nat table still prints with all of the chains empty... where does this info for the nat table persist?

Thanx for your patience in swatting any confusion for me,

Mike

P.S. attaching iptable for reference concerning Q #1

# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
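
The rule walk that question #1 relies on, as an added example that is not part of the original post: it models only first-match evaluation of the posted RH-Firewall-1-INPUT rules. The interface name, port 50000 and the packet states are constructed assumptions; the state a real packet gets is assigned by connection tracking, not by this file.

```python
import shlex

# The RH-Firewall-1-INPUT rules from the attached file, copied as posted.
RULES = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def parse(line):
    """Turn one -A line into a dict of the match options this example models."""
    tok = shlex.split(line)
    rule = {"text": line}
    i = 2  # skip "-A <chain>"
    while i < len(tok):
        if tok[i] in ("-i", "-p", "--state", "--dport", "-j"):
            rule[tok[i].lstrip("-")] = tok[i + 1]
            i += 2
        elif tok[i] in ("-m", "--icmp-type", "--reject-with"):
            i += 2  # option with an argument that this model ignores
        else:
            i += 1
    return rule

def verdict(pkt, rules):
    """First-match walk: return (target, rule text) for a packet dict."""
    for r in rules:
        if "i" in r and r["i"] != pkt.get("iface"):
            continue
        if "p" in r and r["p"] != pkt.get("proto"):
            continue
        if "state" in r and pkt.get("state") not in r["state"].split(","):
            continue
        if "dport" in r and int(r["dport"]) != pkt.get("dport"):
            continue
        return r["j"], r["text"]
    return "ACCEPT", "INPUT policy"  # chain returns to INPUT, policy ACCEPT

CHAIN = [parse(l) for l in RULES.splitlines()]
# Constructed packets: control connection, then a passive data connection
# to an arbitrary high port, once tracked as RELATED and once as NEW.
CONTROL = {"iface": "eth0", "proto": "tcp", "dport": 21, "state": "NEW"}
DATA_RELATED = {"iface": "eth0", "proto": "tcp", "dport": 50000, "state": "RELATED"}
DATA_NEW = {"iface": "eth0", "proto": "tcp", "dport": 50000, "state": "NEW"}
```

Calling `verdict(DATA_NEW, CHAIN)` shows the same data connection falling through to the final REJECT when it is not classified as RELATED.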