iptables and FTP

[Paul Roddy]

I'm trying to setup my FTP server and my IPTABLES configuration so that I
can actually use my FTP server. If I stop my IPTABLES, I can log in via ftp
and work normally, so I know its my IPTABLES that is giving me the problems.

Here is my /etc/sysconfig/iptables

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 21 --state NEW -j
ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 20 --state NEW -j
ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed

I don't have any udp definitions for ports 20 and 21 - was going to try that
but thought I would touch base here first. does anyone have some pointers
for me and my IPTABLES configuration?

[Sam Watson]

Paul
Just to let you know I am having the same problem. To add information.
everything works if passive mode is disabled when accessing the server.
so it has to do with the port information passed in passive mode.

Sam Watson