Hi. We set up a firewall with iptables and the following settings (as given by "iptables -L"):

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

So, we set up an FTP server on a SUSE machine to test the FTP connection. We use proftpd and the connection is fine. But with other FTP servers around the world (for example ftp.kernel.org) it is not possible to do any file transfers. No listing is shown; it seems to be a file transfer over the data channel, too.

Here is the error:

Connected to ftp.kernel.org, waiting for response...
< 220 ProFTPD [ftp.kernel.org]
> USER anonymous
< 331 Anonymous login ok, send your complete email address as your password.
> PASS *****
< 230 Anonymous access granted, restrictions apply.
> REST 1
< 350 Restarting at 1. Send STORE or RETRIEVE to initiate transfer.
> REST 0
< 350 Restarting at 0. Send STORE or RETRIEVE to initiate transfer.
> SYST
< 215 UNIX Type: L8
> PWD
< 257 "/" is current directory.
~ Login completed.
> PORT 192,192,192,220,6,106
< 500 Illegal PORT command.
~ Could not retrieve directory listing for "/"

What can we do to solve this problem?

Thanks a lot for your help,
The Muffinman
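
Added example, not part of the original post: a small model of the check an FTP server applies to an active-mode PORT command, run against the PORT argument from the session above. It assumes the firewall translates the client's address on the way out, which the post does not state; 203.0.113.10 is a constructed address standing in for what the server sees, and all function names are hypothetical.

```python
import ipaddress

ILLEGAL_PORT = "500 Illegal PORT command."  # reply text taken from the session in the post

def parse_port_arg(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' (RFC 959) into (IPv4Address, tcp_port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isdigit() and int(f) <= 255 for f in fields):
        raise ValueError(f"malformed PORT argument: {arg!r}")
    nums = [int(f) for f in fields]
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]

def format_port_arg(host, port):
    """Inverse of parse_port_arg."""
    return ",".join(str(host).split(".") + [str(port >> 8), str(port & 0xFF)])

def server_accepts(port_arg, control_peer):
    """Model of a server that refuses data connections to third parties.

    control_peer is the source address the server sees on the control
    connection. Returns (accepted, reason).
    """
    try:
        host, port = parse_port_arg(port_arg)
    except ValueError as exc:
        return False, str(exc)
    if host != ipaddress.IPv4Address(control_peer):
        return False, f"{ILLEGAL_PORT} ({host} is not the control peer {control_peer})"
    if port < 1024:
        return False, f"{ILLEGAL_PORT} (privileged port {port})"
    return True, f"data connection to {host}:{port} allowed"

def helper_rewrite(port_arg, external_addr):
    """What an FTP-aware NAT helper does to the payload: substitute the
    translated address (the port is kept unchanged in this model)."""
    _, port = parse_port_arg(port_arg)
    return format_port_arg(ipaddress.IPv4Address(external_addr), port)

if __name__ == "__main__":
    sent = "192,192,192,220,6,106"   # PORT argument from the post
    external = "203.0.113.10"        # constructed: address the server sees
    print(parse_port_arg(sent))
    print(server_accepts(sent, external))
    print(server_accepts(helper_rewrite(sent, external), external))
```

On a Linux firewall the payload rewriting and the RELATED classification of the data connection are done by the FTP connection-tracking helper modules (ip_conntrack_ftp and ip_nat_ftp on older kernels, nf_conntrack_ftp and nf_nat_ftp on newer ones). Without them the `state RELATED,ESTABLISHED` rule in FORWARD does not cover FTP data connections.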

