Hi All, I have a ftp server running on the box connected to the internet with iptables. I would like to allow ftp passive connections.I have done the following and it does not want to work: iptables -A INPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT I have done the following and it works but it is not passive: iptables -A INPUT -p tcp -m multiport --dport 20 -j ACCEPT iptables -A INPUT -p tcp -m multiport --dport 21 -j ACCEPT iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT What are the best rules to allow ftp passive connections? I also did load ip_conntrack_ftp. Thanks Regards _____________________________________________________________________ For super low premiums, click here http://www.dialdirect.co.za/quote
