Hello List,

I'm trying to connect to any outside FTP with an active ftp conx type from a client behind the supposed firewall but that doesn't work, only passive is allowed. I understand the basics with in/output and forwarding, all my supposed services are working in and outgoing, from my firewall I can connect active or passive ftp out and vice versa but not from the client behind.

It doesn't matter if I allow all new connections to input or forward, the only difference is that ftp_data is not appearing in the log anymore ????, the ip_conntrack_ftp module is loaded.

Does anybody discover the same problem or has a fix/sample for this case ???

Many thx in adv
Matthias Krauss
Hello people,

first I wish you a healthy new year 2002. Here are the rules for my question:

# time
iptables -t filter -A INPUT -i eth0 -p udp -s 0/0 --sport $b_port -d $A_NET --dport 123 -j ACCEPT
iptables -t filter -A OUTPUT -o eth0 -p udp -s 0/0 --sport $b_port -d $A_NET --dport 123 -j ACCEPT
iptables -t filter -A FORWARD -i eth0 -o eth0 -p udp -s $A_NET --sport $b_port -d ! $A_NET --dport 123 -j ACCEPT
iptables -t filter -A FORWARD -o eth0 -i eth0 -p udp -s $A_NET --sport $b_port -d ! $A_NET --dport 123 -j ACCEPT

b_port = b_port=1024:65535
A_NET = extip

Input and output are commented out.

Thanks for your assistance.

On Wed, 2 Jan 2002 13:36:03 +0100 mk@hitchhiker.com wrote:
Hello List, I'm trying to connect to any outside FTP with an active ftp conx type from a client behind the supposed firewall but that doesn't work, only passive is allowed. I understand the basics with in/output and forwarding, all my supposed services are working in and outgoing, from my firewall I can connect active or passive ftp out and vice versa but not from the client behind.
It doesn't matter if I allow all new connections to input or forward, the only difference is that ftp_data is not appearing in the log anymore ????, the ip_conntrack_ftp module is loaded.
Does anybody discover the same problem or has a fix/sample for this case ???
Many thx in adv Matthias Krauss
--
VIPEX Internet Presence GmbH
Brüsseler Str. 89 - 93
D-50672 Cologne
fon +49-221-5 79 77-29
fax +49-221-5 79 77-22
Systemadministrator
mailto:wunsch@vipex.de
http://www.vipex.de
irc.vipex.net
participants (2): mk@hitchhiker.com, Nils Wunsch