> I compiled a kernel without any modules ( all these are in vmlinuz ) an > I use the very basic ftp client from coreutils ( so normally this does > not initiate passive connections ). > > So what do I have to do ??? go look in your config file that you used to compile your kernel. did you set CONFIG_IP_NF_CONNTRACK (i assume you did) and CONFIG_IP_NF_FTP (this is connection tracking for FTP)? if not...i see a make config && make dep clean bzImage install in your future... use an FTP client that allows you to switch between active and passive mode on the fly so you can determine what is and is not working. i use ncftp, which supports 'set passive on|off'... the basic "ftp" command that ships with FC1 supports switching back and forth with the 'passive' command. the way your rules are set up, *active* FTP should be working. also--please rethink this: > $nat --policy PREROUTING DROP > $nat --policy OUTPUT DROP > $nat --policy POSTROUTING DROP > > $mangle --policy PREROUTING DROP > $mangle --policy OUTPUT DROP you'll never get anything working with those set to DROP (relatively speaking)... -j
