YES! This solution works.
Although I had read through the vsftpd.conf file, I did NOT see a reference to port ranges for passive mode. After reading the link you provided, I found there are a LOT of options to vsftpd that I didn't know about. :) So, I simply added the pasv_min_port and pasv_max_port to my vsftpd.conf file, restarted the daemon, and added the port range to iptables and....all is good. THANK YOU!
As I already wrote once in this thread, unless you are using FTP over SSL, do not open the range of ports. If you are using plain FTP (which I believe you are using), load ip_conntrack_ftp module (and ip_nat_ftp if NAT is in use on the firewall) and use it in combination with RELATED state match.
There is really no point in making your firewall rules less strict (by opening range of ports when it is not needed).
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
