On Thu, 2005-01-27 at 04:22, TestMail wrote: > Try this one : > > modprobe ip_conntrack_ftp > modprobe ip_nat_ftp > > iptables -t nat -A PREROUTING -i $EXT_IF -p tcp -d $PUBLICIPADD \ > --dport 21 -j DNAT --to-destination $LOCALADDOFFTP yes. > iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp --syn -d $LOCALADDOFFTP > \ --dport 21 -j ACCEPT yes. > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # This is > the stateful inspection command. bzzzzzzzt. how about: iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT -j -- "Well, I'm tired of being a wannabe league bowler. I wanna be a league bowler!" --The Simpsons
