On Mon, Apr 1, 2013 at 8:04 PM, Max Pyziur <pyz at brama.com> wrote: > > > [root at srv-rhsoft:~]$ cat /etc/sysconfig/iptables-config > > # Load additional iptables modules (nat helpers) > > # Default: -none- > > # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), > which > > # are loaded after the firewall rules are applied. Options for the > helpers are > > # stored in /etc/modprobe.conf. > > IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp" > > So, are you saying this last line is key? > > Because on the CentOS 5 setup I see: > IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp" > > While on the CentOS 6 setup I see: > IPTABLES_MODULES="" > > What is the correct/recommended setting? > You need ip_conntrack_ftp added to your IPTABLES_MODULES in /etc/sysconfig/iptables-config. Add that module name, restart iptables, double check your firewall rules (allow TCP port 21), and try to FTP into your box. You could have switched your FTP client to active FTP rather than passive (generally the default). The link to slacksite link below explains active and passive FTP. > > >>> http://slacksite.com/other/ftp.html > > > > > > > Max Pyziur > pyz at brama.com > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > -- ---~~.~~--- Mike // SilverTip257 //