> > > I have a problem allowing forwarding of passive internal ftp traffic
> > > and, at the same time, disallowing ms-streaming (port 1755).

> You are right, of course, there are a lot more rules, but those are the
> ones that open up ms-streaming traffic. Well, the complete set of rules
> I use for passive ftp is actually:
>
> # Accept port 21 out

I don't understand why you need any highport/lowport stuff. I think the only time port numbers need to be considered are 21 and 1755?? ftp is something that works anyway. So isn't it just a matter of stopping packets heading to port 1755 (UDP/TCP)?

--
forum@xxxxxxxxxxxxx