Hi Antony,

>> ># allow ftp control connections outbound
>> > iptables -A OUTPUT -p tcp --dport 21 -j ACCEPT
>>
>> Why only port 21 and not also port 20 (DATA Channel).
>
> Because the first outbound connection from the client to the server will
> always be a control connection, and then replies for both control and
> data will be handled as in the ESTABLISHED,RELATED state match.

It looks like iptables didn't like my port range. If I use only port 21 and don't mention port 20, it's working like a charm. Maybe this is a point for the ip_nat_ftp/ip_conntrack_ftp README.

>
> So did you try them ? Do they work ?

Yes. Thank you and all others for your help.

>
> Antony.
>

bye
Erik
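The reasoning in the quoted reply, as an added example that is not part of the original thread: a toy Python model of connection tracking with an FTP helper, showing why an outbound rule for port 21 plus an ESTABLISHED,RELATED match also covers the data channel. The class and function names, the default-DROP policy and the sample addresses are assumptions made for illustration; the real helper performs more checks than this sketch.

```python
import re

# Six comma-separated numbers carry the data endpoint in both the client's
# "PORT h1,h2,h3,h4,p1,p2" and the server's "227 ... (h1,h2,h3,h4,p1,p2)".
ADDR = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_data_endpoint(line):
    """Return the (ip, port) announced on the control channel, or None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = ADDR.search(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class Tracker:
    """Toy connection tracker (hypothetical, not kernel code)."""
    def __init__(self):
        self.flows = set()     # connections already seen: (src, dst, dport)
        self.expected = set()  # data endpoints announced on a control channel

    def control_line(self, line):
        """Feed one control-channel line; record any announced data endpoint."""
        ep = parse_data_endpoint(line)
        if ep:
            self.expected.add(ep)

    def classify(self, src, dst, dport):
        """State the packet would match: NEW, RELATED or ESTABLISHED."""
        key = (src, dst, dport)
        if key in self.flows:
            return "ESTABLISHED"
        self.flows.add(key)
        if (dst, dport) in self.expected:
            self.expected.discard((dst, dport))  # an expectation is used once
            return "RELATED"
        return "NEW"

def output_verdict(state, dport):
    """Rules from the thread, with an assumed default policy of DROP."""
    if state in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"      # the ESTABLISHED,RELATED state match
    if dport == 21:
        return "ACCEPT"      # -A OUTPUT -p tcp --dport 21 -j ACCEPT
    return "DROP"
```
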
