On Fri, 2002-06-21 at 14:58, David Busby wrote:
> List,
> I've got a 7.2 machine using IPTables to NAT my office to the internet.
> All traffic works fine except FTP. When my ftp clients issue the PORT
> command the server responds with a 500 error. If I put my office hosts
> on to our old NAT box to the internet the PORT command is successful. So
> I'm thinking that there must be something wrong with my IPTables setup.
> I've tried removing my DROP rules for my INPUT chain but it didn't
> help. Any advice?
>
> TIA
> /B
>
> Here's my iptables -L
>
> [root@tutamen /]# iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> DROP icmp -- anywhere anywhere
> ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
> DROP tcp -- anywhere anywhere
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain
From the first link Google came up with searching for iptables nat ftp:

---------------------------------------------------
Connection tracking and ftp

Firstly, you need to load the ip_conntrack_ftp module. Assuming you have
a single-homed box, a simple ruleset to allow an ftp connection would be:

iptables -A INPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
------------------------------------------------------------------------

I am just starting my first iptables firewall setup on a new LAN we are
building so I can't be of more specific help, however I would try one or
both of the following:

insert the module mentioned above

$ insmod ip_conntrack_ftp

if no joy I would try passive ftp connections if you are not already doing
so. I do not know if the ip_conntrack_ftp module is supposed to handle
non-passive transfers.

HTH
Bret

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
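As an added example (not David's or Bret's own configuration), the script below turns the suggestion in the reply into a complete NAT ruleset for a 2.4-era box: it loads the FTP connection-tracking helper together with ip_nat_ftp (which rewrites the private address a client puts in its PORT command and is not mentioned in the thread), masquerades the office subnet, and lets the helper-tracked data connection through FORWARD as RELATED. Interface names, the LAN subnet and the DRY_RUN switch are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread: a minimal ruleset that lets
# active-mode FTP (client-issued PORT) work from a masqueraded office LAN.
# Interface names, the LAN subnet and the DRY_RUN switch are assumptions.
LAN_IF="${LAN_IF:-eth1}"                # office side (assumed)
WAN_IF="${WAN_IF:-eth0}"                # internet side (assumed)
LAN_NET="${LAN_NET:-192.168.1.0/24}"    # office subnet (assumed)
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print commands, 0 = execute them as root

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# ip_conntrack_ftp follows the PORT/PASV exchange on the control channel so
# the data connection is classified RELATED; ip_nat_ftp rewrites the private
# address the client puts in PORT, which servers otherwise tend to reject
# with a 500 reply (2.4-kernel module names, as in the thread).
ftp_nat_rules() {
    run modprobe ip_conntrack_ftp
    run modprobe ip_nat_ftp
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
    # Office hosts may open new connections outward.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # Only replies and helper-tracked data connections come back in.
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -j DROP
}

# Self-check: number of FORWARD rules that admit the RELATED state (expect 2).
related_rule_count() {
    DRY_RUN=1 ftp_nat_rules | grep -c -- '--state [A-Z,]*RELATED'
}

ftp_nat_rules
```

Run it as-is to review the generated commands, then `DRY_RUN=0 sh script.sh` as root to apply them.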