Hi,

it clown wrote:

>Hi All,
>
>I have a ftp server running on the box connected to the
>internet with iptables. I would like to allow ftp passive
>connections. I have done the following and it does not want
>to work:
>
>

Let me summarize this to be sure I got it. On your internet box runs an FTP server and iptables, and you want to allow passive FTP _to_ your box. Right?

>iptables -A INPUT -p tcp --sport 21 -m state --state
>ESTABLISHED -j ACCEPT
>iptables -A OUTPUT -p tcp --dport 21 -m state --state
>NEW,ESTABLISHED -j ACCEPT
>iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m
>state --state ESTABLISHED -j ACCEPT
>iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m
>state --state ESTABLISHED,RELATED -j ACCEPT
>
>

If I'm right, you should swap --sport and --dport to something like this:

iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 --syn -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

This should work.

HTH and have a nice time,
Joerg
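
Added example, not part of the original mail: a simplified Python model of the rule matching (not real netfilter) that walks one passive FTP session through both rule sets. It shows that the quoted rules drop the very first control packet, and that the suggested rules only pass the data connection when the FTP conntrack helper (nf_conntrack_ftp, ip_conntrack_ftp on older kernels) marks it RELATED. The port numbers, conntrack states and the default DROP policy are assumptions made for the illustration.

```python
# Simplified model of iptables matching; packets and states are constructed.
ANY = (0, 65535)
HIGH = (1024, 65535)          # iptables "1024:" port range

def session(helper_loaded):
    """Packets the FTP server box sees: (chain, sport, dport, initial_syn, state)."""
    data_state = "RELATED" if helper_loaded else "NEW"
    return [
        ("INPUT", 40000, 21, True, "NEW"),             # client opens control connection
        ("OUTPUT", 21, 40000, False, "ESTABLISHED"),   # server SYN/ACK
        ("INPUT", 40000, 21, False, "ESTABLISHED"),    # PASV command
        ("OUTPUT", 21, 40000, False, "ESTABLISHED"),   # 227 reply naming the data port
        ("INPUT", 40001, 50000, True, data_state),     # client opens data connection
        ("OUTPUT", 50000, 40001, False, "ESTABLISHED"),
    ]

def rule(chain, states=None, sport=ANY, dport=ANY, syn=False):
    return dict(chain=chain, states=states, sport=sport, dport=dport, syn=syn)

ORIGINAL = [  # rules quoted from the question
    rule("INPUT", {"ESTABLISHED"}, sport=(21, 21)),
    rule("OUTPUT", {"NEW", "ESTABLISHED"}, dport=(21, 21)),
    rule("INPUT", {"ESTABLISHED"}, sport=HIGH, dport=HIGH),
    rule("OUTPUT", {"ESTABLISHED", "RELATED"}, sport=HIGH, dport=HIGH),
]
REPLY = [     # rules suggested in the reply
    rule("INPUT", {"RELATED", "ESTABLISHED"}),
    rule("INPUT", dport=(21, 21), syn=True),
    rule("OUTPUT", {"RELATED", "ESTABLISHED"}),
]

def accepted(rules, pkt):
    chain, sport, dport, syn, state = pkt
    for r in rules:
        if (r["chain"] == chain
                and (r["states"] is None or state in r["states"])
                and r["sport"][0] <= sport <= r["sport"][1]
                and r["dport"][0] <= dport <= r["dport"][1]
                and (not r["syn"] or syn)):
            return True
    return False  # assumed default policy: DROP

def first_drop(rules, helper_loaded=True):
    """Index of the first packet dropped, or None if the session completes."""
    for i, pkt in enumerate(session(helper_loaded)):
        if not accepted(rules, pkt):
            return i
    return None

if __name__ == "__main__":
    print(first_drop(ORIGINAL), first_drop(REPLY), first_drop(REPLY, False))
```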