[Sheflug] FTP server firewall problem
I'm trying to set up a server running vsftpd under RH8.0 and require public
ftp access to it.

I'm running iptables on the machine and am accepting connections on
destination port 21 but I now understand that I need to enable access to
some higher ports for the control connections.

My understanding of active FTP, so far, is that the client initiates a
control connection to the server's port 21 from a high port. The server
replies to a high port on the client machine from port 20 - this is the data
connection.

I would have thought that the following two rules would have sorted it:

-A RH-Lokkit-0-50-INPUT -p tcp --dport 20:21 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

But, of course, it hasn't.

Can anyone please help?
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.
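
Added example, not part of the original post: a small Python sketch that reads FTP control-channel lines and works out which data connection each one announces, who opens it, and which chain on the server sees it as a NEW connection. It covers passive mode (the 227 reply) as well as the active mode described in the post; the addresses, sample lines and function names are constructed for illustration, and server source port 20 is taken from the post's description.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 as decimal bytes.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_hostport(text):
    """Return (ip, port) from a host-port field, or None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def expected_data_connection(line, client_ip, server_ip):
    """Describe the data connection announced by one control-channel line.

    Returns None for lines that announce nothing. 'server_chain' is the
    chain on the FTP server that sees the first (NEW) packet.
    """
    line = line.strip()
    if line.upper().startswith("PORT "):       # sent by client: active mode
        ep = parse_hostport(line[5:])
        if ep is None:
            return None
        return {"mode": "active", "src": (server_ip, 20), "dst": ep,
                "server_chain": "OUTPUT",
                # A PORT address other than the control peer deserves a look.
                "addr_matches_peer": ep[0] == client_ip}
    if line.startswith("227"):                 # sent by server: passive mode
        ep = parse_hostport(line[3:])
        if ep is None:
            return None
        return {"mode": "passive", "src": (client_ip, None), "dst": ep,
                "server_chain": "INPUT",
                "addr_matches_peer": ep[0] == server_ip}
    return None


# Constructed sample lines using documentation address ranges.
CLIENT, SERVER = "198.51.100.7", "192.0.2.10"
SAMPLES = ["USER anonymous", "PORT 198,51,100,7,195,80",
           "227 Entering Passive Mode (192,0,2,10,156,64)"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", expected_data_connection(s, CLIENT, SERVER))
```

In active mode the server sends the first packet of the data connection, so only the replies cross its INPUT chain; in passive mode the client connects to a high port on the server, and that first packet is what the INPUT rules have to let through.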