ftp issue

[Derick Anderson]

Make sure you've opened up whichever unprivileged passive ports your FTP
server uses. Passive FTP connections are seen as new by stateful
firewalls, not related to the original control connection.

Derick Anderson 

-----Original Message-----
From: netfilter-bounces at lists.netfilter.org
[mailto:netfilter-bounces at lists.netfilter.org] On Behalf Of
varun_saa at vsnl.net
Sent: Friday, August 12, 2005 6:30 AM
To: netfilter at lists.netfilter.org
Subject: ftp issue

Hello, 
      My server FC4
eth0 is wan with static IP. 
eth1 lan 
 
My iptables rules are as follows : 
 
# Generated by iptables-save v1.2.11 on Wed May 11 11:06:56 2005 *nat
:OUTPUT ACCEPT [0:0] :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to 6x.xxx.xxx.xx
COMMIT # Completed on Wed May 11 11:06:56 2005 # Generated by
iptables-save v1.2.11 on Wed May 11 11:06:56 2005 *mangle :PREROUTING
ACCEPT [93:9058] :INPUT ACCEPT [85:8650] :FORWARD ACCEPT [8:408] :OUTPUT
ACCEPT [88:8886] :POSTROUTING ACCEPT [95:9218] COMMIT # Completed on Wed
May 11 11:06:56 2005 # Generated by iptables-save v1.2.11 on Wed May 11
11:06:56 2005 *filter :INPUT ACCEPT [85:8650] :FORWARD ACCEPT [8:408]
:OUTPUT ACCEPT [87:8810] -P FORWARD DROP -A FORWARD -m state --state
RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth1 -o eth0 -p tcp --dport
25 -j ACCEPT -A FORWARD -i eth1 -o eth0 -p tcp --dport 110 -j ACCEPT -A
FORWARD -p udp --dport 53 -j ACCEPT -A OUTPUT -p udp --dport 53 --sport
1024: -j ACCEPT COMMIT # Completed on Wed May 11 11:06:56 2005 
 
-------------------------- end rules----------------------------- 
 
 
I am having problems with ftp uploads/downloads for : 
 
  ftp.sriaurobindoashram.com 
 
Using gftp from the server : 
 
1. gftp -> ftp->options->ftp->passive all transfer - checked 
    
   Gets connected but gets stuck at recieves files names 
 
What could the problem ? 
 
Thanks 
 
Varun