
Re: Iptables and FTP problem



You need to allow port 20 for the data connection.

phil


On 9/1/2007 4:52 AM, Mahdi Rahimi wrote:
> Hello,
> I have a problem with our clients' outside FTP access via Debian.
> My LAN users can't start a data transfer to outside FTP servers, but they
> can establish a connection to port 21 on the outside FTP server.
> 
> I want my LAN users to use FTP clients in ACTIVE mode.
> My rules:
> 
> ***nat
> -A PREROUTING -i $LAN -s 192.168.1.0/26 -p tcp -m multiport --dport 21 -j
> ACCEPT
> -A POSTROUTING -s 192.168.1.0/26  -d 0/0 -o eth1 -j MASQUERADE
> 
> ***filter
> -A FORWARD -i $LAN -o $EXT -s 192.168.1.0/26 -p tcp --dport 21 -m state
> --state NEW,ESTABLISHED,RELATED -j ACCEPT
> -A FORWARD -i $EXT -o $LAN -p tcp --sport 21 -m state --state
> ESTABLISHED,RELATED -j ACCEPT
> 
> *************
> modprobe ip_conntrack_ftp , ip_conntrack, ip_nat_ftp
> 
> 
> 
> 
> 
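
Added example, not part of the original messages: in active mode the server opens the data connection from its port 20 back to the client, so the forwarding rules need a RELATED match for that direction in addition to the port 21 rules quoted above. The sketch below only prints the commands; the LAN interface name `eth0` and a FORWARD policy of DROP are assumptions, while `eth1` and the subnet are taken from the quoted rules.

```shell
#!/bin/sh
# Added example: print (do not apply) forwarding and NAT rules for active-mode
# FTP from a masqueraded LAN. Assumes the FORWARD chain drops anything that
# is not explicitly accepted.
ftp_active_rules() {
    lan_if=$1   # LAN-facing interface (assumed name in the call below)
    ext_if=$2   # outside interface
    lan_net=$3  # LAN subnet
    cat <<EOF
# Helpers: track the PORT command and rewrite the private address in it.
# Module names as written in the post; newer kernels call them
# nf_conntrack_ftp and nf_nat_ftp.
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
# Control connection: client -> server port 21, and the replies.
iptables -A FORWARD -i $lan_if -o $ext_if -s $lan_net -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $ext_if -o $lan_if -d $lan_net -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
# Data connection: opened BY the server from port 20. Only accepted when the
# FTP helper has marked it RELATED to a tracked control session, so port 20
# is never opened to unsolicited NEW connections.
iptables -A FORWARD -i $ext_if -o $lan_if -d $lan_net -p tcp --sport 20 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $ext_if -s $lan_net -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
# Source NAT for the LAN.
iptables -t nat -A POSTROUTING -s $lan_net -o $ext_if -j MASQUERADE
EOF
}

# Constructed invocation: eth0 is an assumed LAN interface name.
ftp_active_rules eth0 eth1 192.168.1.0/26
```

Review the printed commands first; piping them to `sh` as root applies them.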


