On Thursday 06 June 2002 4:41 pm, Erik Pagel wrote:

> iptables -N ftp
> iptables -A ftp -p tcp --dport 20:21 -o $I_EXTERN -j ACCEPT
> iptables -A ftp -p tcp --sport 20:21 -i $I_EXTERN -m state --state
> ESTABLISHED,RELATED -j ACCEPT
> iptables -A ftp -p tcp --dport 20:21 -i $I_EXTERN -m state --state
> NEW,INVALID -j LOG --log-level warning --log-prefix "DROP:FTP Incomming"
> iptables -A ftp -p tcp --dport 20:21 -i $I_EXTERN -m state --state
> NEW,INVALID -j DROP
> iptables -A INPUT -j ftp
> iptables -A OUTPUT -j ftp
> iptables -A FORWARD -j ftp

That is a very strange set of rules to try applying to all three of INPUT, FORWARD and OUTPUT chains!

Please can you tell us whether you are trying to ftp from this machine with the netfilter rules on, or is the netfilter machine acting as a router between the ftp client and server?

Antony.
