He'll also need to open up port 20.

On Sat, 22 Jun 2002, Bret Hughes wrote:

> On Fri, 2002-06-21 at 14:58, David Busby wrote:
> > List,
> >     I've got a 7.2 machine using IPTables to NAT my office to the internet. 
> > All traffic works fine except FTP.  When my ftp clients issue the PORT 
> > command the server responds with a 500 error.  If I put my office hosts 
> > on to our old NAT box to the internet the PORT command is successful.  So 
> > I'm thinking that there must be something wrong with my IPTables setup. 
> >   I've tried removing my DROP rules for my INPUT chain but it didn't 
> > help.  Any advice?
> > 
> > TIA
> > /B
> > 
> > Here's my iptables -L
> > 
> > [root@tutamen /]# iptables -L
> > Chain INPUT (policy ACCEPT)
> > target     prot opt source               destination
> > DROP       icmp --  anywhere             anywhere
> > ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh
> > DROP       tcp  --  anywhere             anywhere
> > 
> > Chain FORWARD (policy ACCEPT)
> > target     prot opt source               destination
> > 
> > Chain 
> 
> From the first link Google came up with searching for iptables nat ftp:
> ---------------------------------------------------
> Connection tracking and ftp
> 
> Firstly, you need to load the ip_conntrack_ftp module.
> 
> Assuming you have a single-homed box, a simple ruleset to allow an ftp
> connection would be:
> 
> iptables -A INPUT     -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
> 
> ------------------------------------------------------------------------
> 
> I am just starting my first iptables firewall setup on a new Lan we are
> building so I can't be of more specific help however I would try one or
> both of the following:
> 
> insert the module mentioned above
> 
> $ insmod ip_conntrack_ftp
> 
> if no joy I would try passive ftp connections if you are not already
> doing so.  I do not know if the ip_conntrack_ftp module is supposed to
> handle non-passive transfers.
> 
> HTH
> 
> Bret
> 
> 
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
> 

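What the helper module in Bret's quoted snippet actually has to do, as an added illustration that is not part of this thread or of the netfilter documentation it quotes: the script below parses the FTP PORT command and the 227 PASV reply, derives the data connection a connection-tracking FTP helper would mark RELATED (in active mode that is the server connecting out from port 20 to the address the client announced, which is why the reply at the top of this message says port 20 also has to be allowed), and shows the payload rewrite a NAT helper (on 2.4 kernels ip_nat_ftp, loaded alongside ip_conntrack_ftp) must perform on the private address the client puts inside PORT. The addresses and the sample exchange are constructed for this example; treating the data port as unchanged by the rewrite is a simplification assumed here.

```python
import ipaddress
import re

# Six comma-separated decimal octets: four for the IPv4 address, two for the
# port (high byte, low byte), as used by the PORT command and the 227 reply.
_HOSTPORT = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_RE = re.compile(r"^PORT\s+" + _HOSTPORT + r"\s*$", re.IGNORECASE)
PASV_RE = re.compile(r"^227\s.*?\(" + _HOSTPORT + r"\)")

# RFC 1918 ranges, checked explicitly rather than via IPv4Address.is_private,
# which also flags the documentation ranges used as sample public addresses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _decode(groups):
    """Turn the six captured octets into ('a.b.c.d', port)."""
    octets = [int(g) for g in groups]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range in FTP host-port string")
    ip = ".".join(str(o) for o in octets[:4])
    ipaddress.IPv4Address(ip)  # validates the dotted quad
    port = octets[4] * 256 + octets[5]
    if port == 0:
        raise ValueError("port 0 is not a usable data port")
    return ip, port


def _encode(ip, port):
    """Inverse of _decode: 'a.b.c.d', port -> 'a,b,c,d,hi,lo'."""
    return ",".join(ip.split(".") + [str(port // 256), str(port % 256)])


def parse_port_command(line):
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    return _decode(m.groups())


def parse_pasv_reply(line):
    m = PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % line)
    return _decode(m.groups())


def expected_data_connection(client_ip, server_ip, line):
    """Return (src_ip, src_port, dst_ip, dst_port) for the data connection a
    conntrack FTP helper would mark RELATED after seeing `line` on the
    control channel.  Active mode: the server connects out from port 20 to
    the address/port the client named in PORT.  Passive mode: the client
    connects from an ephemeral port (None here) to the address/port the
    server named in the 227 reply."""
    if line.upper().startswith("PORT"):
        ip, port = parse_port_command(line)
        return (server_ip, 20, ip, port)
    if line.startswith("227"):
        ip, port = parse_pasv_reply(line)
        return (client_ip, None, ip, port)
    raise ValueError("line carries no data-channel announcement: %r" % line)


def names_rfc1918_address(line):
    """True when a PORT command carries an RFC 1918 address.  Passed through
    plain NAT with no FTP helper, the server would try to connect back to
    that unroutable address and the transfer fails, as seen in the thread."""
    ip, _ = parse_port_command(line)
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in RFC1918)


def rewrite_port_for_nat(line, private_ip, public_ip):
    """Mimic the payload rewrite a NAT FTP helper performs on an outbound
    PORT command: the client's private address is replaced by the NAT box's
    public address.  Assumption for this example: the port is left as-is.
    A PORT naming some other host is refused rather than rewritten."""
    ip, port = parse_port_command(line)
    if ip != private_ip:
        raise ValueError("PORT address %s is not the client %s" % (ip, private_ip))
    return "PORT " + _encode(public_ip, port)


if __name__ == "__main__":
    # Constructed sample: office host 192.168.1.10 behind a NAT box whose
    # public address is 203.0.113.5, talking to FTP server 198.51.100.7.
    client, nat_box, server = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    port_cmd = "PORT 192,168,1,10,4,1"
    print("client sends:         ", port_cmd)
    print("unroutable for server:", names_rfc1918_address(port_cmd))
    fixed = rewrite_port_for_nat(port_cmd, client, nat_box)
    print("helper rewrites to:   ", fixed)
    print("expected RELATED flow:", expected_data_connection(nat_box, server, fixed))
    print("passive instead:      ", expected_data_connection(
        client, server, "227 Entering Passive Mode (198,51,100,7,19,137)."))
```

The RELATED tuple is the point of the exercise: once the helper has registered it, a FORWARD rule accepting `--state ESTABLISHED,RELATED` lets the server's connection from port 20 through and lets the NAT box map it back to the office host, without a standing rule that accepts every inbound connection sourced from port 20. Without the helper, the PORT command crosses the NAT box with the 192.168.x.x address still inside it, which is exactly the failure David describes.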