Hi Antony, sorry, I must apologise again, but I didn't send all my rules, just the ftp part. Of course my standard policy is deny, and I also manage my own DNS Server. NAT is also installed and working. The only part not working is the ftp ruleset.
> # allow ftp control connections outbound
> iptables -A OUTPUT -p tcp --dport 21 -j ACCEPT

Why only port 21 and not also port 20 (DATA channel)?

> # allow replies back from ftp servers
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Ok, but I want to restrict the port range to source port 20 and 21. Anyway, my last ruleset has a line like this, but I want to get rid of it.

[...] I deleted some lines just to keep the reply short.

> iptables -A POSTROUTING -t nat -o $EXT_IF -j SNAT --to $EXT_IP

I use this rule:

iptables -t nat -A POSTROUTING -o $I_EXTERN -j MASQUERADE

> Let us know how you get on with those.

Sorry, not until now.

> Antony.

bye Erik
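For the port 20 / source-port question raised in the exchange above, here is an added example of an outbound FTP client ruleset for a default-deny NAT gateway; it is not Erik's or Antony's ruleset, and the interface names EXT_IF and LAN_IF are assumptions. It relies on the kernel FTP connection-tracking helper so that data channels (active from server port 20, passive to a high port) match RELATED, and it deliberately avoids accepting traffic by source port.

```shell
#!/bin/sh
# Added example (not Erik's or Antony's rules): an outbound FTP client
# ruleset for a default-deny NAT gateway. Assumed names: EXT_IF (external
# interface), LAN_IF (internal interface). Defaults to a dry run that prints
# the rules; run with IPT=iptables as root to apply them.
IPT="${IPT:-echo}"
EXT_IF="${EXT_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"

ftp_client_rules() {
    # Default deny on every filter chain.
    "$IPT" -P INPUT DROP
    "$IPT" -P OUTPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A OUTPUT -o lo -j ACCEPT

    # Attach the kernel FTP helper (nf_conntrack_ftp) to control channels.
    # It parses PORT/PASV and marks the matching data connection RELATED,
    # so no rule for port 20 or for a passive high port is ever needed.
    "$IPT" -t raw -A OUTPUT -p tcp --dport 21 -j CT --helper ftp
    "$IPT" -t raw -A PREROUTING -i "$LAN_IF" -p tcp --dport 21 -j CT --helper ftp

    # Control channel: only NEW connections to port 21 may leave.
    "$IPT" -A OUTPUT -o "$EXT_IF" -p tcp --dport 21 \
        -m conntrack --ctstate NEW -j ACCEPT
    "$IPT" -A FORWARD -i "$LAN_IF" -o "$EXT_IF" -p tcp --dport 21 \
        -m conntrack --ctstate NEW -j ACCEPT

    # Replies plus helper-tracked data channels, in both directions:
    # active mode arrives from server port 20, passive leaves to a high port.
    for chain in INPUT OUTPUT FORWARD; do
        "$IPT" -A "$chain" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    done

    # Deliberately absent: "-A INPUT -p tcp --sport 20 -j ACCEPT". A remote
    # host picks its own source port, so that rule would admit any inbound
    # connection that simply claims to come from port 20.

    # Hide LAN clients behind the gateway's external address.
    "$IPT" -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE
}

ftp_client_rules
```

The CT target in the raw table is needed on current kernels, where helpers are no longer assigned automatically to port 21 connections.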
