Make sure you've opened up whichever unprivileged passive ports your FTP server uses. Passive FTP connections are seen as new by stateful firewalls, not related to the original control connection. Derick Anderson -----Original Message----- From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of varun_saa@xxxxxxxx Sent: Friday, August 12, 2005 6:30 AM To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: ftp issue Hello, My server FC4 eth0 is wan with static IP. eth1 lan My iptables rules are as follows : # Generated by iptables-save v1.2.11 on Wed May 11 11:06:56 2005 *nat :OUTPUT ACCEPT [0:0] :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to 6x.xxx.xxx.xx COMMIT # Completed on Wed May 11 11:06:56 2005 # Generated by iptables-save v1.2.11 on Wed May 11 11:06:56 2005 *mangle :PREROUTING ACCEPT [93:9058] :INPUT ACCEPT [85:8650] :FORWARD ACCEPT [8:408] :OUTPUT ACCEPT [88:8886] :POSTROUTING ACCEPT [95:9218] COMMIT # Completed on Wed May 11 11:06:56 2005 # Generated by iptables-save v1.2.11 on Wed May 11 11:06:56 2005 *filter :INPUT ACCEPT [85:8650] :FORWARD ACCEPT [8:408] :OUTPUT ACCEPT [87:8810] -P FORWARD DROP -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth1 -o eth0 -p tcp --dport 25 -j ACCEPT -A FORWARD -i eth1 -o eth0 -p tcp --dport 110 -j ACCEPT -A FORWARD -p udp --dport 53 -j ACCEPT -A OUTPUT -p udp --dport 53 --sport 1024: -j ACCEPT COMMIT # Completed on Wed May 11 11:06:56 2005 -------------------------- end rules----------------------------- I am having problems with ftp uploads/downloads for : ftp.sriaurobindoashram.com Using gftp from the server : 1. gftp -> ftp->options->ftp->passive all transfer - checked Gets connected but gets stuck at recieves files names What could the problem ? Thanks Varun
