I have a problem allowing forwarding of passive internal FTP traffic and, at the same time, disallowing ms-streaming (port 1755). Whenever I allow the passive FTP, it also allows ms-streaming going through.

My rules are:

iptables -A FORWARD -m state --state NEW,ESTABLISHED -s local_lan --sport highports --dport ftp -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -s local_lan --sport highports --dport highports -j ACCEPT

ms-streaming is a highport (1024:), but as there is no NEW in the second rule, it should not apply to new ms-streaming connections.

Any ideas?

Bo Jacobsen
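The following is an added example rule set, not Bo's rules and not a diagnosis of his setup. It shows one way to get the intended effect from the defender's side: put an explicit, logged refusal for new port 1755 connections ahead of every permissive rule, accept the FTP control channel only as NEW, and let a state-only ESTABLISHED,RELATED rule carry the passive data channel so that no port range in an ACCEPT rule can admit a new connection. It assumes a Linux host with iptables and the FTP conntrack helper (nf_conntrack_ftp) loaded; the LAN range and the dry-run variable IPT are placeholders of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes iptables plus the
# nf_conntrack_ftp helper so passive FTP data connections are marked RELATED.
IPT="${IPT:-iptables}"                     # set IPT="echo iptables" for a dry run
LOCAL_LAN="${LOCAL_LAN:-192.168.1.0/24}"   # placeholder LAN range
HIGHPORTS="1024:65535"
MMS_PORT=1755                              # ms-streaming

# Emit the FORWARD rules in the order the kernel must evaluate them.
forward_rules() {
    # 1. Refuse new ms-streaming connections from the LAN before any
    #    permissive rule can see them; log a rate-limited sample so the
    #    counters from "iptables -L FORWARD -v -n --line-numbers" show hits.
    $IPT -A FORWARD -s "$LOCAL_LAN" -p tcp --dport "$MMS_PORT" \
        -m conntrack --ctstate NEW -m limit --limit 3/min \
        -j LOG --log-prefix "FWD-DENY-MMS: "
    $IPT -A FORWARD -s "$LOCAL_LAN" -p tcp --dport "$MMS_PORT" \
        -j REJECT --reject-with tcp-reset

    # 2. FTP control channel: only NEW is needed here; replies and the
    #    helper-tracked data channel are covered by the state rule below.
    $IPT -A FORWARD -s "$LOCAL_LAN" -p tcp --sport "$HIGHPORTS" --dport 21 \
        -m conntrack --ctstate NEW -j ACCEPT

    # 3. Everything conntrack already knows, including the passive FTP data
    #    channel the helper marks RELATED. No port match: the state match
    #    alone decides, so this rule cannot accept a NEW connection.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 4. Any other connection the LAN tries to open is dropped and counted.
    $IPT -A FORWARD -s "$LOCAL_LAN" -m conntrack --ctstate NEW -j DROP
}

# Run as "./forward.sh apply" to install the rules (or print them when
# IPT="echo iptables" is set in the environment).
if [ "${1:-}" = "apply" ]; then
    forward_rules
fi
```

To confirm which rule a connection actually hit, compare the packet counters of each FORWARD line before and after a test connection; if the 1755 REJECT counter stays at zero while the state rule's counter grows, the connection was already known to conntrack (for example opened by the other side) and is not a NEW one from the LAN.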