Hi all,
I have a little problem with my proftpd server and my firewall.
I have a sarge, kernel 2.4.19 (custom).
I have opened the two ports 20 and 21, but when someone tries to connect to it, he can't get the file list.
iptables rules:
# ftp
iptables -A server-in -m state --state NEW,ESTABLISHED -p tcp --dport ftp -j ACCEPT
iptables -A server-in -m state --state NEW,ESTABLISHED -p tcp --sport ftp -j ACCEPT
iptables -A server-out -m state --state NEW,ESTABLISHED -p tcp --dport ftp -j ACCEPT
iptables -A server-out -m state --state NEW,ESTABLISHED -p tcp --sport ftp -j ACCEPT
# ftp-data
iptables -A server-in -m state --state NEW,ESTABLISHED -p tcp --dport 20 -j ACCEPT
iptables -A server-in -m state --state NEW,ESTABLISHED -p tcp --sport 20 -j ACCEPT
iptables -A server-out -m state --state NEW,ESTABLISHED -p tcp --dport 20 -j ACCEPT
iptables -A server-out -m state --state NEW,ESTABLISHED -p tcp --sport 20 -j ACCEPT
I have tried this:
# ftp
iptables -A server-in -p tcp --dport 21 -j ACCEPT
iptables -A server-in -p tcp --sport 21 -j ACCEPT
iptables -A server-out -p tcp --dport 21 -j ACCEPT
iptables -A server-out -p tcp --sport 21 -j ACCEPT
# ftp-data
iptables -A server-in -p tcp --dport 20 -j ACCEPT
iptables -A server-in -p tcp --sport 20 -j ACCEPT
iptables -A server-out -p tcp --dport 20 -j ACCEPT
iptables -A server-out -p tcp --sport 20 -j ACCEPT
In fact, in a shell, everything's working, but if I use mc or mozilla, I can't list the files.
iptables' logs for mc:
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49345 DF PROTO=TCP SPT=38311 DPT=32793 WINDOW=5840 RES=0x00 SYN URGP=0
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49346 DF PROTO=TCP SPT=38311 DPT=32793 WINDOW=5840 RES=0x00 SYN URGP=0
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49347 DF PROTO=TCP SPT=38311 DPT=32793 WINDOW=5840 RES=0x00 SYN URGP=0
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49348 DF PROTO=TCP SPT=38311 DPT=32793 WINDOW=5840 RES=0x00 SYN URGP=0
iptables' logs for mozilla:
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49569 DF PROTO=TCP SPT=38320 DPT=32794 WINDOW=5840 RES=0x00 SYN URGP=0
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49570 DF PROTO=TCP SPT=38320 DPT=32794 WINDOW=5840 RES=0x00 SYN URGP=0
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49571 DF PROTO=TCP SPT=38320 DPT=32794 WINDOW=5840 RES=0x00 SYN URGP=0
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49572 DF PROTO=TCP SPT=38320 DPT=32794 WINDOW=5840 RES=0x00 SYN URGP=0
Why do mozilla or mc try to connect on port 3279X???
Thanks for your help
yoann
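Added example, not part of the original post: in passive mode the FTP server announces a data endpoint in its 227 reply (port = p1*256 + p2, RFC 959) and the client opens a second TCP connection to it, which rules covering only ports 20 and 21 reject. The 227 reply below is constructed (the post shows no control-channel traffic) and the function names are hypothetical; the log lines are copied from the post.

```python
import re

# Constructed 227 reply: the post shows no control-channel traffic. The values
# are chosen so the reply decodes to the port seen in the mc log lines.
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,168,0,1,128,25)"

# Log lines copied from the post: two from the mc session, one from mozilla.
SAMPLE_LOG = """\
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49345 DF PROTO=TCP SPT=38311 DPT=32793 WINDOW=5840 RES=0x00 SYN URGP=0
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49346 DF PROTO=TCP SPT=38311 DPT=32793 WINDOW=5840 RES=0x00 SYN URGP=0
Reject : IN=eth0 OUT= MAC= SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=49569 DF PROTO=TCP SPT=38320 DPT=32794 WINDOW=5840 RES=0x00 SYN URGP=0
"""

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (ip, port) announced by a 227 reply; port = p1*256 + p2."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("address or port field out of range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def parse_log_line(line):
    """Split an iptables LOG line into KEY=value fields and bare flags."""
    fields, flags = {}, set()
    for tok in line.split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val
        else:
            flags.add(tok)
    fields["FLAGS"] = flags
    return fields


def rejected_data_connections(log_text, pasv_reply):
    """List rejected SYNs aimed at the endpoint the 227 reply announced."""
    ip, port = parse_pasv(pasv_reply)
    hits = []
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if (f.get("PROTO") == "TCP" and "SYN" in f["FLAGS"]
                and f.get("DST") == ip and f.get("DPT") == str(port)):
            hits.append((f["SRC"], int(f["SPT"]), ip, port))
    return hits


if __name__ == "__main__":
    for hit in rejected_data_connections(SAMPLE_LOG, SAMPLE_PASV_REPLY):
        print("rejected passive data connection: %s:%d -> %s:%d" % hit)
```

Such connections are normally admitted with the FTP connection-tracking helper (`ip_conntrack_ftp` on 2.4 kernels) plus a `--state RELATED` rule, or by pinning proftpd to a fixed range with `PassivePorts` and allowing only that range, rather than by opening all high ports.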

