Hello,
I am having a bit of an issue trying to get ftp traffic to pass through a stateless firewall built with iptables (the kernel of the server does not seem to have the modules needed for stateful connections). I have tried to make the firewall rules as general as possible:
iptables -A INPUT -p tcp --sport 20 --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --sport 20 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -p tcp --sport 21 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -p tcp --sport 1024:65535 --dport 1024:65535 -j ACCEPT
but no luck. I also tried editing /etc/pure-ftpd.conf and uncommenting the PassivePorts range
but again no luck.
All the iptables examples I have found online show stateful rules but no stateful rules. There has got to be a way to filter ftp traffic without having to have a stateful firewall.
Anyway, does anyone know of a stateless ruleset for iptables that allows FTP connections through a stateless firewall?
Your help would be greatly appreciated,
mike



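Added example, not part of mike's post: a sketch of what a stateless INPUT ruleset for an FTP server host can look like when the data ports are pinned to the daemon's passive range instead of accepting every high-port-to-high-port connection. The function name, the sample range 49152-49251, an unrestricted OUTPUT chain and active-mode data leaving from port 20 are all assumptions; the script only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example (not from the original post).
# Prints stateless iptables INPUT rules for an FTP *server* host.
# Assumptions: OUTPUT is unrestricted, and the FTP daemon is configured
# to hand out passive data ports only inside LO:HI.

ftp_stateless_rules() {
    lo=$1
    hi=$2

    # Both bounds must be plain decimal numbers.
    for p in "$lo" "$hi"; do
        case $p in
            ''|*[!0-9]*) echo "usage: ftp_stateless_rules LO HI" >&2; return 1 ;;
        esac
    done

    # Keep the range inside the unprivileged ports and correctly ordered.
    if [ "$lo" -lt 1024 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
        echo "passive range must satisfy 1024 <= LO <= HI <= 65535" >&2
        return 1
    fi

    # 1. Control channel: clients connect to port 21.
    # 2. Passive data: clients connect to a port inside the daemon's range.
    #    Only that range is opened, not every unprivileged port.
    # 3. Active data: the server dials out from port 20, so inbound
    #    segments to port 20 should never carry a bare SYN. Without
    #    connection tracking this is the closest stateless approximation
    #    of "replies only"; it cannot confirm a connection really exists.
    cat <<EOF
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --sport 1024:65535 --dport $lo:$hi -j ACCEPT
iptables -A INPUT -p tcp --sport 1024:65535 --dport 20 ! --syn -j ACCEPT
EOF
}

# Constructed sample range; it must match the FTP daemon's passive port setting.
ftp_stateless_rules 49152 49251
```

The printed rules only help if the daemon's passive port setting uses the same range, and if the INPUT policy (or a final rule) drops everything else.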




