"Howard Shaw" wrote:
> I'm setting up a port filtering firewall for an ftp server.. I'm using
> iptables. What ports beside 21 do I need to allow connections to for
> this to work?

If you're going to do this, be sure to use the connection-tracking (stateful) features provided with iptables!

As Robert Bushman noted, you need to allow access from the server to port 20 on the outside world. However, if you only use basic filtering to allow all traffic _between_ the server and port 20 on outside systems, it is TRIVIAL to manipulate traffic to come from that port through the filter to the inside server.

iptables with ip_conntrack and ip_conntrack_ftp can provide the desired protection by only allowing such connections IF an FTP session has actually been established, and only FROM the server TO the outside (not just anything between the server and port 20 on the outside).

There are some good HOWTO documents on these features.

- Bob
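
The stateful setup described in the reply above, as an added example that is not part of the original message: `ftp_ruleset` prints FORWARD rules that admit FTP data connections only when the conntrack FTP helper has tied them to a live control session, and `find_stateless_ftp_data` flags the stateless port-20 rules the reply warns about. The function names, the server address 192.0.2.10 and the sample rules are constructed for illustration, and the firewall is assumed to be a separate box forwarding traffic to the server.

```shell
#!/bin/sh
# Added example: stateful FTP filtering with iptables connection tracking.
# Assumes the FTP helper is loaded on the firewall first:
#   modprobe ip_conntrack_ftp    (named nf_conntrack_ftp on later kernels)

# Print (do not apply) the iptables commands for an FTP server at $1.
# Pipe the output to sh as root to apply it.
ftp_ruleset() {
    srv=$1
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -d $srv -p tcp --dport 21 -m state --state NEW -j ACCEPT
EOF
}
# Rule 2 carries the data channel: the helper reads the control session
# on port 21 and marks the expected data connection RELATED, so no
# port-20 rule is needed at all.
# Rule 3 is the only way a NEW connection from outside is accepted.

# Read rules (iptables -S style) on stdin and print every ACCEPT rule
# that matches TCP port 20 with no state match. Exit status is 1 if any
# such rule is found, 0 otherwise.
find_stateless_ftp_data() {
    awk '
        /-j ACCEPT/ && /--[sd]port 20( |$)/ && !/--state|--ctstate/ {
            print
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Show the generated rules for the constructed server address.
ftp_ruleset 192.0.2.10
```

Running `iptables -S FORWARD | find_stateless_ftp_data` on an existing firewall lists any port-20 rules that bypass connection tracking.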