OK, I have set up a test setup which is doing the same thing; here is the output of my iptables-save:

===================================
Calypso ~ # iptables-save
# Generated by iptables-save v1.2.11 on Wed Nov 9 13:26:17 2005
*raw
:PREROUTING ACCEPT [145071395:67094999750]
:OUTPUT ACCEPT [97318433:51529211890]
COMMIT
# Completed on Wed Nov 9 13:26:17 2005
# Generated by iptables-save v1.2.11 on Wed Nov 9 13:26:17 2005
*nat
:PREROUTING ACCEPT [90:6706]
:POSTROUTING ACCEPT [69:5701]
:OUTPUT ACCEPT [91:6487]
-A PREROUTING -d 209.212.xxx.xxx -p tcp -m tcp --dport 20 -j DNAT --to-destination 192.168.0.220:20
-A PREROUTING -d 209.212.xxx.xxx -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.0.220:21
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -j MASQUERADE
COMMIT
# Completed on Wed Nov 9 13:26:17 2005
# Generated by iptables-save v1.2.11 on Wed Nov 9 13:26:17 2005
*mangle
:PREROUTING ACCEPT [650:323498]
:INPUT ACCEPT [567:316916]
:FORWARD ACCEPT [10:2047]
:OUTPUT ACCEPT [606:234459]
:POSTROUTING ACCEPT [616:236506]
COMMIT
# Completed on Wed Nov 9 13:26:17 2005
# Generated by iptables-save v1.2.11 on Wed Nov 9 13:26:17 2005
*filter
:INPUT ACCEPT [2:246]
:FORWARD ACCEPT [6:1109]
:OUTPUT ACCEPT [44:16200]
:bad_tcp_packets - [0:0]
:icmp_packets - [0:0]
:rbl_packets - [0:0]
:tcp_allowed - [0:0]
:tcp_filtered_packets - [0:0]
:tcp_packets - [0:0]
:udp_packets - [0:0]
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -j ACCEPT
-A INPUT -d 192.168.0.0/255.255.255.0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 209.212.xxx.xxx -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -j tcp_filtered_packets
-A INPUT -p tcp -j rbl_packets
-A INPUT -p tcp -j tcp_packets
-A INPUT -p udp -j udp_packets
-A INPUT -p icmp -j icmp_packets
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -j DROP
-A FORWARD -p tcp -m tcp --dport 20 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -s 192.168.0.220 -p tcp -j ACCEPT
-A OUTPUT -s 192.168.0.0/255.255.255.0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 209.212.xxx.xxx -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A udp_packets -p udp -m udp --dport 53 -j ACCEPT
-A udp_packets -s 196.36.10.xxx -p udp -j ACCEPT
-A udp_packets -p udp -j ACCEPT
COMMIT
# Completed on Wed Nov 9 13:26:17 2005
Calypso ~ #
===================================

And here is the output of my tethereal:

=================================
25.628044 196.41.xxx.xxx -> 209.212.xxx.xxx FTP Request: SIZE LANDING_15.jpg
25.628282 209.212.xxx.xxx -> 196.41.xxx.xxx FTP Response: 550 LANDING_15.jpg: No such file or directory
25.676900 196.41.xxx.xxx -> 209.212.xxx.xxx FTP Request: PASV
25.677159 209.212.xxx.xxx -> 196.41.xxx.xxx FTP Response: 227 Entering Passive Mode (209,212,112,162,135,189).
25.733362 196.41.xxx.xxx -> 209.212.xxx.xxx TCP 4419 > 34749 [SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1360
25.733465 209.212.xxx.xxx -> 196.41.xxx.xxx TCP 34749 > 4419 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
25.743650 196.41.xxx.xxx -> 209.212.xxx.xxx FTP Request: STOR LANDING_15.jpg
25.752877 196.41.xxx.xxx -> 209.212.xxx.xxx TCP 4419 > 34749 [ACK] Seq=1 Ack=1 Win=17680 Len=0
25.753020 209.212.xxx.xxx -> 196.41.xxx.xxx FTP Response: 150 Opening BINARY mode data connection for LANDING_15.jpg
25.840307 196.41.xxx.xxx -> 209.212.xxx.xxx FTP-DATA FTP Data: 1360 bytes
25.840552 209.212.xxx.xxx -> 196.41.xxx.xxx TCP 34749 > 4419 [ACK] Seq=1 Ack=1361 Win=8160 Len=0
25.847856 196.41.xxx.xxx -> 209.212.xxx.xxx FTP-DATA FTP Data: 257 bytes
25.847869 196.41.xxx.xxx -> 209.212.xxx.xxx TCP 4419 > 34749 [FIN, ACK] Seq=1618 Ack=1 Win=17680 Len=0
25.847964 209.212.xxx.xxx -> 196.41.xxx.xxx TCP 34749 > 4419 [ACK] Seq=1 Ack=1618 Win=8160 Len=0
25.848092 209.212.xxx.xxx -> 196.41.xxx.xxx TCP 34749 > 4419 [FIN, ACK] Seq=1 Ack=1619 Win=8160 Len=0
25.848497 209.212.xxx.xxx -> 196.41.xxx.xxx FTP Response: 226 Transfer complete.
25.870373 196.41.xxx.xxx -> 209.212.xxx.xxx TCP 4419 > 34749 [ACK] Seq=1619 Ack=2 Win=17680 Len=0
25.874183 196.41.xxx.xxx -> 209.212.xxx.xxx TCP 4391 > ftp [ACK] Seq=1785 Ack=5525 Win=17680 Len=0
25.910130 196.41.xxx.xxx -> 209.212.xxx.xxx FTP Request: SIZE LANDING_15.jpg
25.910382 209.212.xxx.xxx -> 196.41.xxx.xxx FTP Response: 213 1617
26.034473 196.41.xxx.xxx -> 209.212.xxx.xxx FTP Request: SIZE LANDING_16.jpg
26.034723 209.212.xxx.xxx -> 196.41.xxx.xxx FTP Response: 550 LANDING_16.jpg: No such file or directory
26.174579 196.41.xxx.xxx -> 209.212.xxx.xxx FTP Request: PASV
26.174852 209.212.xxx.xxx -> 196.41.xxx.xxx FTP Response: 227 Entering Passive Mode (209,212,112,162,135,190).
26.264491 196.41.xxx.xxx -> 209.212.xxx.xxx TCP 4420 > 34750 [SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1360
26.264623 209.212.xxx.xxx -> 196.41.xxx.xxx TCP 34750 > 4420 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
26.304471 196.41.xxx.xxx -> 209.212.xxx.xxx FTP Request: STOR LANDING_16.jpg
26.344573 196.41.xxx.xxx -> 209.212.xxx.xxx TCP 4420 > 34750 [ACK] Seq=1 Ack=1 Win=17680 Len=0
26.344727 209.212.xxx.xxx -> 196.41.xxx.xxx FTP [TCP Out-Of-Order] Response: 150 Opening BINARY mode data connection for LANDING_16.jpg
26.512422 196.41.xxx.xxx -> 209.212.xxx.xxx TCP 4391 > ftp [ACK] Seq=1854 Ack=5694 Win=17511 Len=0
26.646760 209.212.xxx.xxx -> 196.41.xxx.xxx FTP [TCP Previous segment lost] Response:
26.822581 196.41.xxx.xxx -> 209.212.xxx.xxx TCP 4391 > ftp [ACK] Seq=1854 Ack=5696 Win=17509 Len=0
=================================

What I do notice is this:

FTP [TCP Out-Of-Order] Response: 150 Opening BINARY mode data connection for LANDING_16.jpg

and

FTP [TCP Previous segment lost] Response:

I hope this makes sense to someone...

thanks
Dave