You need to allow port 20 for the data connection.

phil

On 9/1/2007 4:52 AM, Mahdi Rahimi wrote:
> hello
> I have a problem with our clients' outside ftp access via debian.
> My LAN users can't start data transfer to outside FTP servers, but they
> can establish a connection to port 21 on the outside ftp server.
>
> I want my LAN users to use ftp clients in ACTIVE mode.
> my rules:
>
> ***nat
> -A PREROUTING -i $LAN -s 192.168.1.0/26 -p tcp -m multiport --dport 21 -j
> ACCEPT
> -A POSTROUTING -s 192.168.1.0/26 -d 0/0 -o eth1 -j MASQUERADE
>
> ***filter
> -A FORWARD -i $LAN -o $EXT -s 192.168.1.0/26 -p tcp --dport 21 -m state
> --state NEW,ESTABLISHED,RELATED -j ACCEPT
> -A FORWARD -i $EXT -o $LAN -p tcp --sport 21 -m state --state
> ESTABLISHED,RELATED -j ACCEPT
>
> *************
> modprobe ip_conntrack_ftp , ip_conntrack, ip_nat_ftp
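
The following is an added example, not part of the thread or either poster's configuration. It shows one way to forward the active-mode data channel from server port 20 using only RELATED/ESTABLISHED state (so the FTP conntrack and NAT helper modules named in the post must be loaded), plus a small check that flags a ruleset missing that rule. Assumptions: eth0 as the LAN interface, a default-drop FORWARD policy, and the hypothetical helper names `active_ftp_rules` and `lint_active_ftp`.

```shell
#!/bin/sh
# Added example, not from the thread. eth0 (LAN side) and lint_active_ftp are
# assumptions; eth1 and 192.168.1.0/26 are taken from the posted rules.

# Print an iptables-restore ruleset: $1 = LAN if, $2 = external if, $3 = LAN net.
active_ftp_rules() {
    lan=$1 ext=$2 net=$3
    cat <<EOF
*nat
-A POSTROUTING -s $net -o $ext -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
# Control channel: LAN client to server port 21, and the replies.
-A FORWARD -i $lan -o $ext -s $net -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -i $ext -o $lan -d $net -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
# Active-mode data channel: server port 20 connects back to the client.
# RELATED is set by the FTP conntrack helper from the PORT command; NEW is not allowed.
-A FORWARD -i $ext -o $lan -d $net -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $ext -s $net -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Lint iptables-save style rules on stdin for the data-channel rule.
# Returns 0 = covered via RELATED, 1 = missing, 2 = accepts NEW from port 20.
lint_active_ftp() {
    rules=$(grep -E '^-A FORWARD .*--sport 20( |$)' | grep -e '-j ACCEPT' || true)
    [ -n "$rules" ] || return 1
    if printf '%s\n' "$rules" | grep -q 'NEW'; then return 2; fi
    printf '%s\n' "$rules" | grep -q 'RELATED' || return 1
    return 0
}

# Stand-alone run: print the ruleset and the lint verdict for it.
active_ftp_rules eth0 eth1 192.168.1.0/26
active_ftp_rules eth0 eth1 192.168.1.0/26 | lint_active_ftp
echo "lint exit status: $?"
```

Accepting state NEW from source port 20 would let any outside host that picks that source port open connections into the LAN, which is why the check treats it as a separate failure.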

