Hi list,

I'm currently wondering about the problem with firewalling FTP traffic. I thought I knew about the way an FTP transfer goes on, so I created the following ipchains rules to enable FTP connections from inside to outside:

    ipchains -A input -p TCP -s 0.0.0.0/0 21 -d <MyServerIP> ! 0:1023 ! -y -i eth1 -j ACCEPT
    ipchains -A input -p TCP -s 0.0.0.0/0 20 -d <MyServerIP> ! 0:1023 -i eth1 -j ACCEPT

That worked properly until I recognized that some FTP connections use only ports over 1023 as source and destination in both directions, for control as well as data. As it seems to be random ports, the only way I saw to enable FTP through my firewall was to add the following rule:

    ipchains -A input -p TCP -s 0.0.0.0/0 ! 0:1023 -d <MyServerIP> ! 0:1023 ! -y -i eth1 -j ACCEPT

Because I really don't like that kind of very unspecific rule, my question to you is: Is this really the only way to control FTP transfer with an ipchains firewall, and if not, what's the alternative that is more secure?

Thanks in advance, best regards and sorry for my poor English,

Matthias Lenhardt

--
<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>
Matthias Lenhardt - Software Ingenieur
mail:mlenhardt@inonet.com
InoNet Computer GmbH
http://www.inonet.com/
Computers are like air conditioners:
They stop working properly if you open windows.
<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>
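The three rules in the post can be modelled as a stateless filter to see which packets each one admits. This is an added example, not part of the original post; the addresses, the sample packets and the assumption that unmatched packets are denied by the chain policy are constructed for illustration.

```python
from collections import namedtuple

# Constructed stand-in for <MyServerIP> (documentation address range).
MY_SERVER_IP = "192.0.2.10"

# syn_only mirrors ipchains -y: SYN set, ACK and FIN cleared.
Packet = namedtuple("Packet", "src sport dst dport syn_only")

def high(port):
    """Port test written as '! 0:1023' in the rules."""
    return not 0 <= port <= 1023

# (label, source-port test, whether the rule carries '! -y')
RULES = [
    ("rule 1: control replies from port 21", lambda p: p == 21, True),
    ("rule 2: data from port 20", lambda p: p == 20, False),
    ("rule 3: any high port to high port", high, True),
]

def first_match(pkt):
    """Return the label of the first rule accepting pkt, else None.
    None means 'falls through to the chain policy' (assumed DENY)."""
    for label, sport_ok, not_syn in RULES:
        if pkt.dst != MY_SERVER_IP or not high(pkt.dport):
            continue
        if not sport_ok(pkt.sport):
            continue
        if not_syn and pkt.syn_only:  # '! -y' skips connection-opening SYNs
            continue
        return label
    return None

# Constructed sample packets, all arriving on eth1.
SAMPLES = {
    "control reply": Packet("198.51.100.5", 21, MY_SERVER_IP, 40000, False),
    "active data SYN": Packet("198.51.100.5", 20, MY_SERVER_IP, 40001, True),
    "passive data reply": Packet("198.51.100.5", 50000, MY_SERVER_IP, 40002, False),
    "non-FTP non-SYN segment": Packet("203.0.113.9", 6000, MY_SERVER_IP, 8080, False),
    "inbound SYN to high port": Packet("203.0.113.9", 6000, MY_SERVER_IP, 8080, True),
}

def evaluate_samples():
    return {name: first_match(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:26} -> {verdict or 'no match (chain policy)'}")
```

The fourth sample shows why the third rule reads as unspecific: it matches on port ranges and the SYN flag alone, so it cannot tell a passive-mode data reply from any other non-SYN segment between high ports.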