Richard wrote:

[ Please don't top-post. Thanks ]

> Hi, I've got ip_conntrack running,

I was talking about ip_conntrack_ftp, not ip_conntrack. You need both. The difference is between ftp working and not working at the first LS command.

> My server hosts FTP accounts and I also need outgoing ftp ...

Clear, so you need the input rule on port 21 as well.

> No problems accessing the ftp hosted on this server, but can't do a CWD (ls) from this server to another external ftp server unless the firewall is deactivated.

No problems? Impossible with the rules you posted.

> I guess you are going to say most of my settings are useless but here goes my current settings:

Thanks, but that is virtually unreadable. Post the output of iptables-save instead.

HTH, M4
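
An added example, not part of the original message: a POSIX shell function that reads `iptables-save` output on stdin and reports which of the pieces named in the reply above are absent (the FTP conntrack helper, the INPUT rule for port 21, and acceptance of RELATED traffic). The function name, the labels it prints and the sample ruleset are assumptions made here, and it checks only that matching rules exist, not their order.

```shell
#!/bin/sh
# Added example. Usage on a live host: iptables-save | ftp_fw_check
# Presence check only: rule order and interface matches are not evaluated.

# Constructed sample in iptables-save format (not the poster's ruleset).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
COMMIT'

ftp_fw_check() {
    modules_file=${1:-/proc/modules}  # loaded-module list, /proc/modules format
    rules=$(cat)                      # iptables-save output from stdin
    missing=""

    # Match an extended regex against the saved rules.
    has() {
        grep -Eq -- "$1" <<EOF
$rules
EOF
    }

    # 1. FTP helper module (nf_conntrack_ftp is its name on later kernels).
    #    Assumption: the helper is a module, not built into the kernel.
    grep -Eq '^(ip|nf)_conntrack_ftp ' "$modules_file" 2>/dev/null ||
        missing="$missing helper-module"

    # 2. Control connection to the FTP server hosted on this machine.
    has '^:INPUT ACCEPT |^-A INPUT .*-p tcp .*--dport 21 .*-j ACCEPT' ||
        missing="$missing input-port-21"

    # 3. RELATED must be accepted in both directions, otherwise the data
    #    connection the helper announces is dropped and LS hangs.
    for chain in INPUT OUTPUT; do
        has "^:$chain ACCEPT |^-A $chain .*--(state|ctstate) [A-Z,]*RELATED.*-j ACCEPT" ||
            missing="$missing $chain-related"
    done

    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}
```

The function prints `ok` or a `missing:` line listing the absent pieces, and returns non-zero in the latter case so it can gate a firewall reload script.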