I have a ftp server and run a script of iptables on the server (not anat-gateway). The follow is the script: iptables -F OUTPUTiptables -F INPUTiptables -F FORWARD iptables -A INPUT -p udp -i eth0 -s 0/0 -d $HOME_ADDR --dport 53 -j ACCEPTiptables -A INPUT -p tcp -i eth0 -s 0/0 -d $HOME_ADDR --dport 22 -j ACCEPTiptables -A INPUT -p udp -i eth0 -s 0/0 -d $HOME_ADDR --sport 53 -j ACCEPTiptables -A INPUT -p tcp -i eth0 -s 0/0 -d $HOME_ADDR --dport 80 -j ACCEPTiptables -A INPUT -p icmp -i eth0 -s 0/0 -d $HOME_ADDR -m limit--limit 6/m --limit-burst 6 -j ACCEPTiptables -A INPUT -i lo -s 0/0 -d 127.0.0.1/32 -j ACCEPTiptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPTiptables -P INPUT DROP iptables -A OUTPUT -o lo -s 127.0.0.1 -j ACCEPTiptables -A OUTPUT -o eth0 -s $HOME_ADDR -j ACCEPTiptables -P OUTPUT DROPNow, my question is that I can not connect the ftp server with passmode until I stop the iptables. I had tried the ip_conntrack_ftp.omodule, but it didnt effect.Could anyone give me some idea?
