I try to login, and type ls, it reports:
ftp: connect: no route to host
I know the problem is because a nonexistent iptables rule, i'm just at a
loss as to what the missing rules should look like. The only thing that is different in this case is that I need to use port 221 for FTP instead of 21, and I don't see why this should require special routing. ftp_conntrack modules are loaded. This is the relevant part of my current firewall script.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [24:1341]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -i eth1 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 221 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited :OUTPUT ACCEPT [1:72]
-A POSTROUTING -o eth0 -j MASQUERADE
