connection tracking ncftpd iptables
catfishk
12-28-2003, 02:55 PM
Connection tracking is enabled in my kernel and my passive FTP is still being blocked when trying to reach my Linux box from the outside world. It is the age-old firewall/FTP problem, but I cannot find help on any of the forums as to what lines I need to add to my iptables.
My firewall consists of blocking all input packets except 21, 22, 80, etc. Can I either bind ncftpd to a specific port or tell iptables to allow whatever ncftpd wants for file transfers?
Please forward me to a forum discussion if one is available. This has been bugging me for a while :)
je_fro
12-28-2003, 03:19 PM
<*> FTP protocol support
I think you also need:
<*> Helper match support
<*> Connection state match support
<*> Connection tracking match support
catfishk
12-29-2003, 03:59 AM
Still no go. Everything works FINE without iptables, so it must be that. Here is what I have, and it is absolutely my first attempt at a Linux firewall. I still haven't any idea what it is all about. Thanks -c
#iptables firewall rules
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
#STATE TRACKING
iptables -A INPUT -m state --state Established -j ACCEPT
iptables -A INPUT -m state --state RELATED -j ACCEPT
#LOOPBACK TRAFFIC
iptables -A INPUT -i lo -j ACCEPT
#DNS
iptables -A INPUT -p tcp --destination-port 53 -j ACCEPT
iptables -A INPUT -p udp --destination-port 53 -j ACCEPT
#FTP
iptables -A INPUT -p tcp --destination-port 21 -j ACCEPT
#SSH
iptables -A INPUT -p tcp --destination-port 22 -j ACCEPT
#GAIM/GNUTELLA/LIMEWIRE
iptables -A INPUT -p tcp --destination-port 6346 -j ACCEPT
#SCORCHED EARTH 2000
iptables -A INPUT -p tcp --destination-port 4242 -j ACCEPT
je_fro
12-29-2003, 01:00 PM
Take a look at your kernel .config one more time and post what you have for your netfilter stuff.
jumpedintothefire
12-29-2003, 04:25 PM
#STATE TRACKING
iptables -A INPUT -m state --state Established -j ACCEPT
iptables -A INPUT -m state --state RELATED -j ACCEPT
I'd put those on one line:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
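The following is an added example, not a script from anyone in the thread, showing the ruleset above rewritten around the single ESTABLISHED,RELATED rule and the step the thread's kernel-option list implies but never spells out: the FTP connection-tracking helper module must actually be loaded so the passive data connection is classified RELATED rather than NEW. The variable names (IPT, MODPROBE, FTP_PORT), the function names and the port numbers are assumptions for illustration; the module names ip_conntrack_ftp (2.4 kernels) and nf_conntrack_ftp (2.6 and later) and their ports= parameter are real.

```shell
#!/bin/sh
# Added example, not code from the thread. A stateful INPUT policy in the
# style of the rules posted above, plus the piece the thread never spells
# out: loading the kernel's FTP connection-tracking helper.
# Assumed (hypothetical) settings: FTP control on port 21, SSH on 22.
set -eu

IPT="${IPT:-iptables}"            # set IPT=echo to preview instead of apply
MODPROBE="${MODPROBE:-modprobe}"
FTP_PORT="${FTP_PORT:-21}"

# The helper watches the control channel, parses the "227 Entering Passive
# Mode" reply and registers an expectation, so the client's data connection
# is classified RELATED instead of NEW (which INPUT DROP would discard).
# 2.4 kernels call the module ip_conntrack_ftp, 2.6 and later
# nf_conntrack_ftp; ports= only matters when ncftpd does not listen on 21.
load_ftp_helper() {
    "$MODPROBE" nf_conntrack_ftp ports="$FTP_PORT" 2>/dev/null \
        || "$MODPROBE" ip_conntrack_ftp ports="$FTP_PORT"
}

build_rules() {
    "$IPT" -P INPUT DROP
    "$IPT" -P OUTPUT ACCEPT
    "$IPT" -P FORWARD DROP
    "$IPT" -F INPUT

    "$IPT" -A INPUT -i lo -j ACCEPT

    # Both states in one rule, as suggested above. RELATED is what admits the
    # passive data connection; no data-port range is opened statically.
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -m state --state INVALID -j DROP

    # Only the FTP control channel and SSH accept brand-new connections.
    "$IPT" -A INPUT -p tcp --dport "$FTP_PORT" -m state --state NEW -j ACCEPT
    "$IPT" -A INPUT -p tcp --dport 22          -m state --state NEW -j ACCEPT
}

# Check for the usual cause of "works without iptables, fails with it":
# no FTP helper loaded, so the data connection never becomes RELATED.
ftp_helper_loaded() {
    lsmod 2>/dev/null | grep -q -E '^(nf|ip)_conntrack_ftp'
}

apply_firewall() {
    load_ftp_helper
    build_rules
}

case "${1:-}" in
    apply) apply_firewall ;;
    show)  IPT=echo MODPROBE=echo apply_firewall ;;
    check) if ftp_helper_loaded; then echo "FTP conntrack helper loaded"; \
           else echo "no FTP conntrack helper loaded"; fi ;;
    *)     ;;   # sourced or run without an argument: define functions only
esac
```

Run it as root with `apply`; `show` prints the commands without touching the kernel, and `check` reports whether a helper is loaded, which is the first thing to verify when passive FTP works without the firewall and breaks with it. Two caveats: the helper can only parse a cleartext control channel, so FTP over TLS defeats it, and on kernels where automatic helper assignment is disabled (nf_conntrack_helper=0) the helper must be attached to port-21 traffic explicitly with a `-j CT --helper ftp` rule in the raw table before these rules do anything.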