Hi,
My problem is somewhat similiar to the problem listed in following thread.

http://www.linuxquestions.org/questi...threadid=48062

I am running FTP server in Windows 2003 and is perfectly working fine with other windows and Linux clients within the internal LAN. But I am not able to connect to this Server from external client(Linux).
Let me describe about my network. I am running Linux firewall on gateway server. Windows FTP server is one of the internal LAN host. I have done nating to access the FTP server from external client. I am getting "227 entering passive mode" and after a while it times out. But I am able to see the directory and cd the desired directory. I am including configuration. I would be very thankful if anybody can help me.
Thanks in advance!!!!!!!!!!

root@abc root]# ftp 61.35.215.23
Connected to 61.35.215.23 (61.35.215.23).
220-Microsoft FTP Service
220 This is New Wave Test site
Name (61.35.215.23:root): administrator
331 Password required for administrator.
Password:
230-You are welcome to this site if ur authorized else just get out of this place
230 User administrator logged in.
Remote system type is Windows_NT.
ftp> cd cham
250 CWD command successful.
ftp> dir
227 Entering Passive Mode (192,168,1,98,10,58).
receive aborted
waiting for remote to finish abort
ftp> pwd
257 "/cham" is current directory.
ftp> cd ..
250 CWD command successful.
ftp> cd Sun_Solaris
250 CWD command successful.
ftp> pwd
257 "/Sun_Solaris" is current directory.
ftp> dir
227 Entering Passive Mode (192,168,1,98,10,5).
ftp: connect: Connection timed out



receive aborted
waiting for remote to finish abort
425 Can't open data connection.
500 'òABOR': command not understood
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
ftp: connect: Connection timed out


FIREWALL RULE

#!/bin/sh

#Initializing variables

EXTDEV=eth2
EXTIP="61.35.215.23"
EXTBASE="61.35.215.1"
EXTBCAST="61.35.215.255"
EXTGATE="61.35.215.1"
INTNET="61.35.215.0/24"

INTDEV=eth0
INTIP="192.168.1.58"
INTBASE="192.168.1.0"
INTBCAST="192.168.1.255"
INTNET="192.168.1.0/24"

IPT=/sbin/iptables
LOGOPT="--log-level=3 -m limit --limit 3/minute --limit-burst 3"
SYNOPT="-m limit --limit 5/second --limit-burst 10"

#Clearing all the existing firewall rules
if [ ! -x $IPTABLES ]
then
die "Firewall: Can't execute $IPTABLES"
fi
$IPT -P INPUT DROP # Set default policy to drop
$IPT -P OUTPUT DROP # Set default policy to DROP
$IPT -P FORWARD DROP # Set default policy to drop
$IPT -F #Flush all chains
$IPT -X #delete all chains

for table in filter nat mangle
do
$IPT -t $table -F #Delete the table's rule
$IPT -t $table -X #Delete the table's chains
$IPT -t $table -Z #Delete the table's counters
done

$IPT -t nat -A PREROUTING -i eth2 -p tcp -d 61.35.215.23 --dport 21 -j DNAT --to-destination 192.168.1.98
$IPT -A FORWARD -j ACCEPT
$IPT -A INPUT -j ACCEPT
$IPT -A INPUT -p tcp --syn -d 192.168.1.98 --dport 21 -j ACCEPT
$IPT -A OUTPUT -j ACCEPT

Regards,
Cham

Can you connect successfully to the server in active mode?
If so, your problem is passive mode, because your iptables-rules don't allow passvie ftp traffic.
Anyway, setting up a rule for this is not adequate, since passive uses random ports.
The solution is to enable the modules ip_conntrack_ftp and / or ip_nat_ftp .