-A FORWARD -i $LAN -o $EXT -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 21 -j ACCEPT -A FORWARD -i $EXT -o $LAN -m state --state ESTABLISHED,RELATED -p tcp --sport 21 -j ACCEPT I don't have data transfer with this rules!!! ------------------------- rahimi{at}eaedu.net rahimi_m{at}cse.shirazu.ac.ir