[CentOS] ftp firewall/iptables

Fri Jul 8 00:24:06 UTC 2005
Johnny Hughes <mailing-lists at hughesjr.com>

On Thu, 2005-07-07 at 16:55 -0700, Dave wrote:
> I just installed CentOS4 on my main server. It runs proftpd and is not NATted.
> 
> When I did the install I said to allow FTP and HTTP. I can ftp from
> windows dos ftp client.
> 
> In IE I get "Unable to build data connection: No route to host"  
> 
> ncftp I get.. 
> Data connection timed out.
> Falling back to PORT instead of PASV mode.
> List failed.
> 
> Wget and FireFox just time out.
> 
>  Anything I need to add to the firewall rules? This is all it has
> related to FTP.
> -A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 21 --state NEW -j ACCEPT

These 2 will allow you to connect to port 80 ... if you are running
httpd:

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

Here are the differences between passive mode and active mode FTP ...
and why passive mode is probably best to set up on your server.

http://slacksite.com/other/ftp.html


You will need to allow in the passive mode ftp ports you pick as
well ... if you picked 22222 to 22232 (you would need to set up your ftp
server for passive mode ftp), then this should work:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22222:22232 -j ACCEPT
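Added example, not part of the list post: a small POSIX shell script that writes out the iptables-save lines the reply describes for CentOS 4's RH-Firewall-1-INPUT chain, together with the matching proftpd directive, and refuses a passive range that is malformed or overlaps the privileged ports. The range 22222-22232 is the illustrative one from the reply; the function names are mine. The comments also record the reason for the client-side symptom: the stock CentOS 4 chain ends in `REJECT --reject-with icmp-host-prohibited`, which a client reports as "No route to host", so the stateful ACCEPT and the passive-port ACCEPT have to sit before that final rule.

```shell
#!/bin/sh
# Added example (not from the list post): emit the RH-Firewall-1-INPUT rules
# for an FTP server with a fixed passive port range, plus the proftpd side.
# Rules are printed in iptables-save syntax for /etc/sysconfig/iptables.

# Validate a passive range: two plain integers, lo <= hi, above the
# privileged ports (>= 1024) and at most 65535. Returns 0 if usable.
valid_pasv_range() {
    for n in "$1" "$2"; do
        case "$n" in
            ''|*[!0-9]*) return 1 ;;
        esac
    done
    [ "$1" -ge 1024 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ]
}

# Firewall side. Order matters: these must appear before the chain's final
# "-j REJECT --reject-with icmp-host-prohibited"; that REJECT is what the
# client sees as "No route to host" when the PASV data port is not open.
ftp_firewall_rules() {
    lo=$1; hi=$2
    valid_pasv_range "$lo" "$hi" || {
        echo "bad passive range: $lo-$hi" >&2
        return 1
    }
    cat <<EOF
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport $lo:$hi -j ACCEPT
EOF
}

# Server side. proftpd must announce ports from the same range in its PASV
# replies, otherwise clients are told to connect to ports the firewall rejects.
proftpd_pasv_directive() {
    valid_pasv_range "$1" "$2" || return 1
    echo "PassivePorts $1 $2"
}

# Usage with the range from the reply: paste the first block into
# /etc/sysconfig/iptables above the final REJECT, the second into proftpd.conf.
ftp_firewall_rules 22222 22232
proftpd_pasv_directive 22222 22232
```

Keep the range small and dedicated to FTP; every port in it is reachable from anywhere for NEW connections, so widening it to "1024:65535" exposes any other service that happens to bind an unprivileged port.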