> Sorry to post the same question again .... I am at a loss as
> to what to put for rules for my ftp server (which is behind
> the firewall).
> I know they go on the forward chain ....
> There are going to be people connecting to it with a username
> / password and also anonymously from outside ...
>
> My main question I guess is should I set it up for passive or
> active transfers ....
> Or, does the RELATED option take care of those problems?
>

Use ip_conntrack_ftp and ip_nat_ftp.
Something like (with information from your previous post):

    # FTP helpers: track the data connection and fix up addresses under NAT
    modprobe ip_conntrack_ftp
    modprobe ip_nat_ftp

    # Default-deny forwarding; allow replies and helper-tracked data connections
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Allow the FTP control connection to the server
    $IPT -A FORWARD -i eth0 -o eth1 -d <ip_ftpsvr> -p tcp \
        --dport 21 -j ACCEPT
    # Redirect inbound port 21 to the server behind the firewall
    $IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 21 \
        -j DNAT --to-destination <ip_ftpsvr>

Gr,
Rob
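
Added example, not part of the original post: a simplified Python sketch of why the two helper modules above let one RELATED rule cover both active and passive transfers. A connection-tracking helper reads the PORT command or the 227 reply on the control channel and records the announced data connection, and a NAT helper rewrites the private address in the 227 reply. Function names and sample addresses are assumptions of this example; EPRT/EPSV are not covered.

```python
import re

# Six comma-separated decimals: h1,h2,h3,h4,p1,p2 (used by PORT and by 227 replies).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_data_endpoint(line):
    """Return (mode, ip, port) announced on the control channel, or None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"       # client tells the server where to connect
    elif text.startswith("227 "):
        mode = "passive"      # server tells the client where to connect
    else:
        return None
    m = HOSTPORT.search(text)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None
    return mode, ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def expectation(line, sender_ip, receiver_ip):
    """Data connection a tracker would expect (and later match as RELATED).

    Assumption of this sketch: an announcement naming an address other than
    the sender's own is refused, so no pinhole opens toward a third host.
    """
    ep = parse_data_endpoint(line)
    if ep is None or ep[1] != sender_ip:
        return None
    return {"mode": ep[0], "src": receiver_ip, "dst": ep[1], "dport": ep[2]}

def rewrite_227(line, public_ip):
    """Replace the private address in a 227 reply with the NAT's public one."""
    ep = parse_data_endpoint(line)
    if ep is None or ep[0] != "passive":
        return line
    port = ep[2]
    new = "%s,%d,%d" % (public_ip.replace(".", ","), port >> 8, port & 0xFF)
    return HOSTPORT.sub(new, line, count=1)

# Constructed sample control-channel lines (documentation address ranges).
PASV_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)."
PORT_CMD = "PORT 198,51,100,7,4,1"

if __name__ == "__main__":
    print(expectation(PASV_REPLY, "192.168.1.10", "198.51.100.7"))
    print(rewrite_227(PASV_REPLY, "203.0.113.5"))
    print(expectation(PORT_CMD, "198.51.100.7", "192.168.1.10"))
```

Without the address rewrite, an outside client would be told to connect to the server's private address, which is why passive mode behind DNAT needs the NAT helper as well as the tracking helper.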