By default FTPS (FTP over SSL, not to be confused with FTP/SSH or SFTP) runs on port 990. It also sounds like you're using passive mode - if so you may need to open those ports as well.

It would make sense to me (although I don't know) that conntrack_ftp could only track unsecured FTP sessions since the only indication of a port change is in the packet data (which would be encrypted). Someone may know better than I, though.

Derick Anderson

> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Vects
> Sent: Thursday, August 18, 2005 2:53 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: ftps and iptables
>
> Hi,
> I have a web server protected by iptables at the office. Lately I
> wanted to activate ftps on it but failed to get a list by
> client. It's working well when iptables are down. I played
> with iptables rules, opened full access from the web server, but it
> didn't help. I couldn't find anything special that prevents
> it from operating. Has somebody already solved such a problem?
>
> Thanks, Alexc.
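The point made in the reply, as an added example that is not part of the original thread: because the FTP conntrack helper cannot read the passive port from an encrypted control channel, the data ports have to be allowed by a static rule. The function name `ftps_rules` and the passive range 50000-50100 are assumptions made here; the FTP daemon must be configured to use the same passive range.

```shell
#!/bin/sh
# Added example: emit iptables rules for an FTPS server whose passive data
# ports are pinned to a fixed range. The rules are printed, not applied, so
# they can be reviewed first. The passive range used below is constructed.

ftps_rules() {
    ctrl_port=$1 pasv_min=$2 pasv_max=$3

    # Reject anything that is not a valid TCP port number.
    for p in "$ctrl_port" "$pasv_min" "$pasv_max"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2
            return 1
        fi
    done
    if [ "$pasv_min" -gt "$pasv_max" ]; then
        echo "empty passive range: $pasv_min:$pasv_max" >&2
        return 1
    fi

    # Packets belonging to connections that were already accepted.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Encrypted control channel (port 990 as named in the reply).
    echo "iptables -A INPUT -p tcp --dport $ctrl_port -m conntrack --ctstate NEW -j ACCEPT"
    # Passive data connections: the helper cannot mark these RELATED because
    # the port announcement is encrypted, so the whole range is opened.
    echo "iptables -A INPUT -p tcp --dport $pasv_min:$pasv_max -m conntrack --ctstate NEW -j ACCEPT"
}

# Print the rule set for the constructed values.
ftps_rules 990 50000 50100
```

Keeping the passive range narrow limits how many extra ports are exposed by the static rule.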