On Thu, 2005-12-08 at 13:48 +0100, wavesurf@planet.nl wrote:
Dec 8 13:44:46 linux kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0c:6e:8c:2b:ae:00:04:ed:10:08:a5:08:00 SRC=123.123.123.123. DST=192.168.1.102 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=3280 DF PROTO=TCP SPT=10175 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055001010402)
Look here, I am now also a bit confused, it clearly logged that port 21 is in the SFW2-INext-ACC-TCP filter. The fact that it prompts you for a login suggests that the firewall is happy and that the port opened (21) is available. That it works when you disable the firewall would suggest that you are missing a rule for related and established packets.

Do an iptables-save > filename and then cat filename to see if there is a related and established rule for the SFW2-INext-ACC-TCP filter. If not, you will need to edit the firewall with the sysconfig edit tool provided in yast. Look for the relevant option and see whether that helps.

Otherwise, run this command (below) manually and see if it works; this should just prove it is the firewall. Otherwise, please mail me off list with your iptables-save file. Let me check it for you and see if I can spot the mistake.

    iptables -A SFW2-INext-ACC-TCP -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

Chadley
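Added example, not part of the original mail: a shell function that reads an iptables-save dump and reports whether a chain has a RELATED,ESTABLISHED accept rule. It marks as "broad" any such rule that also lists NEW with no other restriction, since that accepts every new connection reaching the chain. The dump, the chain names ext_nostate and ext_tracked, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Audit an iptables-save dump for connection-state ACCEPT rules in one chain.

# Print "tracked <rule>" or "broad <rule>" for each ACCEPT rule in CHAIN whose
# state list contains both RELATED and ESTABLISHED.
audit_state_rules() {   # usage: audit_state_rules DUMP_FILE CHAIN
    awk -v chain="$2" '
    $1 == "-A" && $2 == chain {
        states = ""; target = ""; extra = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "--state" || $i == "--ctstate") { states = $(i + 1); i++ }
            else if ($i == "-j") { target = $(i + 1); i++ }
            else if ($i == "-m") { i++ }   # skip the match-module name
            else extra = 1                 # any other restriction (-p, --dport, -s)
        }
        if (target != "ACCEPT" || states == "") next
        s = "," states ","
        if (!index(s, ",RELATED,") || !index(s, ",ESTABLISHED,")) next
        # NEW with no other restriction accepts every new connection in the chain
        kind = (index(s, ",NEW,") && !extra) ? "broad" : "tracked"
        print kind, $0
    }' "$1"
}

# Exit 0 if CHAIN has at least one RELATED,ESTABLISHED ACCEPT rule.
chain_has_state_accept() {
    [ -n "$(audit_state_rules "$1" "$2")" ]
}

# Constructed sample dump; ext_nostate and ext_tracked are made-up chain names.
write_sample_dump() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
-A ext_nostate -p tcp -m tcp --dport 21 -j ACCEPT
-A ext_tracked -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ext_tracked -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
-A SFW2-INext-ACC-TCP -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

dump=$(mktemp) && write_sample_dump "$dump"
for c in ext_nostate ext_tracked SFW2-INext-ACC-TCP; do
    chain_has_state_accept "$dump" "$c" || echo "$c: no RELATED,ESTABLISHED accept rule"
    audit_state_rules "$dump" "$c"
done
rm -f "$dump"
```

To check a live ruleset, save it with iptables-save > filename as described in the mail and pass that file and the chain name to audit_state_rules.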