Hello All!

I have a box that is acting as a masquerading firewall between a lan and the great WWW. I used to have a rule for a subnet of machines that were only allowed to FTP due to web abuse issues. This was in SuSEfirewall2 in 9.1. I have just upgraded to 10.0 and now Active FTP is broken. The relative lines were:

    192.168.20.224/28,0/0,tcp,20
    192.168.20.224/28,0/0,udp,20
    192.168.20.224/28,0/0,tcp,21
    192.168.20.224/28,0/0,udp,21

in FW_MASQ_NETS. It worked great. Now my FTP clients stop dead in their tracks at the PORT command. The end of the transaction in ethereal reveals:

    209 2.017000 192.168.20.226 208.113.147.155 FTP Request: PWD 2001 21
    252 2.099551 208.113.147.155 192.168.20.226 FTP Response: 257 "/" is current directory. 21 2001
    253 2.114193 192.168.20.226 208.113.147.155 FTP Request: PORT 192,168,20,226,7,210 2001 21
    261 2.367009 208.113.147.155 192.168.20.226 FTP [TCP Out-Of-Order] Response: 257 "/" is current directory. 21 2001
    262 2.367168 192.168.20.226 208.113.147.155 TCP dc > ftp [ACK] Seq=73 Ack=229 Win=65307 Len=0 2001 21
    268 3.336464 192.168.20.226 208.113.147.155 FTP [TCP Retransmission] Request: PORT 192,168,20,226,7,210 2001 21
    616 5.961397 192.168.20.226 208.113.147.155 FTP [TCP Retransmission] Request: PORT 192,168,20,226,7,210 2001 21
    1025 11.211392 192.168.20.226 208.113.147.155 FTP [TCP Retransmission] Request: PORT 192,168,20,226,7,210 2001 21
    1976 21.711380 192.168.20.226 208.113.147.155 FTP [TCP Retransmission] Request: PORT 192,168,20,226,7,210 2001 21

Never is there a single port 20 record line. Outside of the out of order line (which doesn't always show up), I don't see anything wrong up till here. It used to work fine. What happened?

I can get passive FTP to work but it requires opening outbound high ports to the abusers who then IM and chat all day long.

Any help is greatly appreciated.

Mike
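
Added example, not part of the original post: a short Python script that decodes the PORT argument from the capture lines quoted above (port = p1*256 + p2) and summarises what the trace shows about the control and data connections. The function names, the result keys and the "Response: 200" match for a successful PORT reply are assumptions of this example.

```python
import ipaddress
import re

# Capture lines quoted in the post, one packet per line. Columns:
# no, time, src, dst, info ..., src port, dst port.
CAPTURE = """\
209 2.017000 192.168.20.226 208.113.147.155 FTP Request: PWD 2001 21
252 2.099551 208.113.147.155 192.168.20.226 FTP Response: 257 "/" is current directory. 21 2001
253 2.114193 192.168.20.226 208.113.147.155 FTP Request: PORT 192,168,20,226,7,210 2001 21
261 2.367009 208.113.147.155 192.168.20.226 FTP [TCP Out-Of-Order] Response: 257 "/" is current directory. 21 2001
262 2.367168 192.168.20.226 208.113.147.155 TCP dc > ftp [ACK] Seq=73 Ack=229 Win=65307 Len=0 2001 21
268 3.336464 192.168.20.226 208.113.147.155 FTP [TCP Retransmission] Request: PORT 192,168,20,226,7,210 2001 21
616 5.961397 192.168.20.226 208.113.147.155 FTP [TCP Retransmission] Request: PORT 192,168,20,226,7,210 2001 21
1025 11.211392 192.168.20.226 208.113.147.155 FTP [TCP Retransmission] Request: PORT 192,168,20,226,7,210 2001 21
1976 21.711380 192.168.20.226 208.113.147.155 FTP [TCP Retransmission] Request: PORT 192,168,20,226,7,210 2001 21
"""

LINE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (.*) (\d+) (\d+)$")
PORT_ARG = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def decode_port(info):
    """Return the (ip, port) a PORT command advertises, or None."""
    m = PORT_ARG.search(info)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def analyse(capture):
    r = {"endpoints": set(), "retransmits": 0, "needs_rewrite": False,
         "port_acked": False, "data_conn_seen": False}
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        info, sport, dport = m.group(5), int(m.group(6)), int(m.group(7))
        ep = decode_port(info)
        if ep:
            r["endpoints"].add(ep)
            # A server on the Internet cannot connect back to an RFC 1918
            # address, so the masquerading gateway has to rewrite this PORT.
            r["needs_rewrite"] |= ipaddress.ip_address(ep[0]).is_private
            r["retransmits"] += "[TCP Retransmission]" in info
        r["port_acked"] |= sport == 21 and "Response: 200" in info
        r["data_conn_seen"] |= 20 in (sport, dport)
    return r

if __name__ == "__main__":
    print(analyse(CAPTURE))
```

On this trace the client advertises 192.168.20.226 port 2002, the PORT segment is retransmitted four times without a reply, and no packet to or from port 20 appears.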