Hello,
I have a problem with our clients' outside FTP access via Debian.
My LAN users can't start a data transfer to outside FTP servers, but they
can establish a connection to port 21 on the outside FTP server.

I want my LAN users to use FTP clients in ACTIVE mode.
My rules:

***nat
-A PREROUTING -i $LAN -s 192.168.1.0/26 -p tcp -m multiport --dport 21 -j ACCEPT
-A POSTROUTING -s 192.168.1.0/26 -d 0/0 -o eth1 -j MASQUERADE

***filter
-A FORWARD -i $LAN -o $EXT -s 192.168.1.0/26 -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $EXT -o $LAN -p tcp --sport 21 -m state --state ESTABLISHED,RELATED -j ACCEPT

*************
modprobe ip_conntrack_ftp, ip_conntrack, ip_nat_ftp




