Nope. Your rule says to allow related,established on port 21. It doesn't apply to port 20. Add a log rule to see what's being dropped.
You can remove the --sport 21 and just allow in ANY established,related and that should work.

phil

On 9/1/2007 7:36 AM, Mahdi Rahimi wrote:
> thanks phil
> But I think the port 20 is in RELATED state and no connection needs to be
> established. module ip_conntrack_ftp must correct this problem.
[snip]
>>> ***filter
>>> -A FORWARD -i $LAN -o $EXT -s 192.168.1.0/26 -p tcp --dport 21 -m state
>>> --state NEW,ESTABLISHED,RELATED -j ACCEPT
>>> -A FORWARD -i $EXT -o $LAN -p tcp --sport 21 -m state --state
>>> ESTABLISHED,RELATED -j ACCEPT

