After much research and debugging, I finally have my firewall almost up and running. The one thing I am lacking at this point is proper functionality of the FTP service. When I ftp to the server, the connection (eventually) logs in, but it never receives a proper file list from the server. I am using active FTP because that is what I need to get "around" my router-in-a-box. I have found the following rules from LinuxGuruz that are supposed to allow active ftp:
iptables -A INPUT -i eth0 -p tcp --dport ftp -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport ftp -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport ftp-data -m state --state ESTABLISHED,RELATED -j ACCEPT
#iptables -A OUTPUT -o eth0 -p tcp --dport ftp-data -m state --state ESTABLISHED,RELATED -j ACCEPT
From what I have read, the first rule allows for new connections and data traffic on port 21. The second allows for traffic outbound from port 21. The third and fourth allow for connection-related traffic on port 20. Policies for the INPUT and OUTPUT chains are DROP. When the policy is changed to ACCEPT, the connections work fine, but obviously that does me little good.
Tips/Thoughts are appreciated.
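For comparison, here is an added example (not from the post above or from LinuxGuruz) of what the server side of an active-mode FTP ruleset looks like under DROP policies. The point it illustrates: in active mode the server, not the client, opens the data connection, from its own port 20 to the port the client announced with PORT. Seen from the server, that is an outbound NEW connection with source port 20, so it needs an OUTPUT rule that accepts NEW (or the FTP conntrack helper loaded so it is classified RELATED). The interface name eth0 and the helper module names are assumptions for the example; set IPT=echo to print the rules without applying them.

```shell
#!/bin/sh
# Added example, not from the original post: server-side iptables rules for
# active-mode FTP behind DROP policies on INPUT and OUTPUT.
# Assumptions: the public interface name (eth0) and the FTP conntrack helper
# module names are placeholders chosen for this example.
# Set IPT=echo to print the rules instead of applying them (no root needed).

# Load the FTP connection-tracking helper so the data connections negotiated
# on the port-21 control channel are tracked as RELATED to it.
load_ftp_helper() {
    modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
}

ftp_server_rules() {
    ipt="${IPT:-iptables}"
    ifc="${1:-eth0}"

    # Anything belonging to, or related to, a tracked connection is allowed in
    # both directions; this covers replies on port 21 and helper-tracked data.
    "$ipt" -A INPUT  -i "$ifc" -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$ipt" -A OUTPUT -o "$ifc" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Control channel: clients open new connections to port 21.
    "$ipt" -A INPUT  -i "$ifc" -p tcp --dport 21 -m state --state NEW -j ACCEPT

    # Active-mode data channel: the server itself connects from port 20 to the
    # port the client announced with PORT. From the server's side this is an
    # outbound connection with source port 20, so it needs an OUTPUT rule that
    # accepts NEW. A rule of the form "INPUT --sport ftp-data" describes the
    # client's view of the same connection and never matches on the server.
    "$ipt" -A OUTPUT -o "$ifc" -p tcp --sport 20 -m state --state NEW -j ACCEPT
}

# Usage as root:  load_ftp_helper && ftp_server_rules eth0
# Dry run:        sh this_script.sh --dry-run eth0
case "${1:-}" in
    --dry-run) IPT=echo; ftp_server_rules "${2:-eth0}" ;;
esac
```

The generic ESTABLISHED,RELATED rules replace the per-port ESTABLISHED rules from the post, so the only NEW traffic admitted is inbound to port 21 and outbound from port 20; if you add the helper, the port-20 OUTPUT rule can be dropped to NEW-free form because the data connection is then RELATED.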