SuSEfirewall2 and Active ftp
Hello suse-security,

I'm still not sure how to configure SuSEfirewall2 to get active ftp working. The Server is between two LANs and doing no masquerading.

From the config:

  FW_FORWARD="[...] \
    myip,ftpserverip,tcp,21 \
    myip,ftpserverip,tcp,20"
  FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"

Now if I try to establish a connection I get a connect, but when trying to list the ftp-dir the ftp client hangs. The firewall-log says:

  Jul 16 16:13:51 [firewallmachine] kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT=eth0 SRC=[ftpserverip] DST=[myip] LEN=60 TOS=0x08 PREC=0x00 TTL=62 ID=46457 DF PROTO=TCP SPT=20 DPT=1137 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A16229CFF0000000001030300)

What else is needed to get active ftp working through SuSEfirewall2? If I insert a rule like

  $IPTABLES -A $CHAIN -j "$ACCEPT" -m state --state ESTABLISHED,RELATED -d $quelle -s $ziel -p tcp --sport 20

in SuSEfirewall2-custom, active ftp works again, but I don't think that's the proper way? There has to be something in /etc/sysconfig/SuSEfirewall2 I'm missing.

The Firewall machine is running SuSE 8.2 Professional, Kernel 2.4.20-4GB-athlon

--
Best regards,
André Sänger
mailto:Andre.Saenger@gmx.de
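The dropped packet in the log above is the FTP server opening the active-mode data connection: a bare SYN from port 20 to the client's high port, travelling in the opposite direction to the two FW_FORWARD entries. The following is an added example, not part of the original post, that picks such drops out of a firewall log and reconstructs the PORT argument the client would have advertised. The addresses are constructed stand-ins for the post's [ftpserverip] and [myip] placeholders, the function names are hypothetical, and it assumes the client advertised its own address (no NAT).

```python
import re

# Constructed sample: the post's log line with documentation-range addresses
# substituted for its [ftpserverip]/[myip] placeholders, plus one unrelated drop.
SAMPLE_LOG = """\
Jul 16 16:13:51 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.20 LEN=60 TOS=0x08 PREC=0x00 TTL=62 ID=46457 DF PROTO=TCP SPT=20 DPT=1137 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 16 16:14:02 fw kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT=eth1 SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=101 DF PROTO=TCP SPT=1140 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_line(line):
    """Split one netfilter LOG line into its KEY=value fields and bare TCP flags."""
    fields = dict(FIELD.findall(line))
    fields["FLAGS"] = FLAGS.intersection(line.split())
    return fields


def is_active_ftp_data_open(pkt):
    """True for a new TCP connection from ftp-data (20) to an unprivileged port."""
    return (pkt.get("PROTO") == "TCP"
            and pkt.get("SPT") == "20"
            and int(pkt.get("DPT", 0)) >= 1024
            and pkt["FLAGS"] == {"SYN"})


def port_command_for(pkt):
    """PORT argument the client must have sent for the server to dial DST:DPT."""
    dpt = int(pkt["DPT"])
    return "PORT {},{},{}".format(pkt["DST"].replace(".", ","), dpt >> 8, dpt & 0xFF)


def dropped_data_channels(log_text):
    """Return (server, client, port, PORT command) for each dropped data-channel SYN."""
    hits = []
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if "DROP" in line and is_active_ftp_data_open(pkt):
            hits.append((pkt["SRC"], pkt["DST"], int(pkt["DPT"]), port_command_for(pkt)))
    return hits


if __name__ == "__main__":
    for hit in dropped_data_channels(SAMPLE_LOG):
        print(hit)
```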