Dear All,
Mine is FC11 OS...
So, how can we enable the firewall ( iptables ) for using ftp ( active
mode & passive mode ) service ?
For the existing setting :
iptables -F
iptables -X
iptables -F -t nat
iptables -X -t nat
iptables -F -t mangle
iptables -X -t mangle
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
int="eth1"
int_add="192.168.1.254"
int_src="192.168.1.0/24"
# Only allow users to use port 22 ( ssh services ) :
iptables -A INPUT -i $int -p tcp --dport 22 -s $int_src -d $int_add -j ACCEPT
# Only allow users to use port 20 & 21 ( ftp services ) :
iptables -A INPUT -i $int -p tcp --dport 20 -s $int_src -d $int_add -j ACCEPT
iptables -A INPUT -i $int -p tcp --dport 21 -s $int_src -d $int_add -j ACCEPT
# ping ( ICMP )
iptables -A INPUT -i $int -p icmp --icmp-type echo-request -s $int_src -d $int_add -j ACCEPT
Problem of ftp client :
connection timeout
Thanks !
Edward.
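
Added example, not part of the original post: with an INPUT policy of DROP, FTP data connections are only accepted if connection tracking can classify them as RELATED, which needs the FTP conntrack helper. The sketch below assumes this host is the FTP server and that the kernel provides the nf_conntrack_ftp module; the function name and the IPT/MODPROBE override variables are hypothetical, chosen so the rules can be previewed without root.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes this host is the FTP
# server and the kernel ships the nf_conntrack_ftp helper module.
IPT="${IPT:-iptables}"            # IPT="echo iptables" gives a dry run
MODPROBE="${MODPROBE:-modprobe}"  # MODPROBE="echo modprobe" likewise

# Replaces the port 20/21 rules. Arguments mirror the post's variables:
#   $1 interface, $2 server address, $3 allowed client network.
ftp_server_rules() {
    int="$1"; int_add="$2"; int_src="$3"

    # The helper reads PORT/PASV exchanges on the control connection and
    # registers the announced data connection as an expectation, so its
    # first packet arrives in state RELATED.
    $MODPROBE nf_conntrack_ftp || return 1

    # Only the control channel needs an explicit rule.
    # Passive data (client -> server high port) is RELATED and matches the
    # existing "--state ESTABLISHED,RELATED" rule.
    # Active data leaves the server from source port 20, so it is covered by
    # the OUTPUT ACCEPT policy; no client connects to --dport 20.
    $IPT -A INPUT -i "$int" -p tcp --dport 21 -s "$int_src" -d "$int_add" \
        -m state --state NEW -j ACCEPT
}

# Usage (as root, after the ESTABLISHED,RELATED rule is in place):
#   ftp_server_rules eth1 192.168.1.254 192.168.1.0/24
```

To load the helper at boot on Fedora, list it in IPTABLES_MODULES in /etc/sysconfig/iptables-config. Kernels from 4.7 on disable automatic helper assignment by default, so there the helper has to be attached explicitly with a raw-table rule using `-j CT --helper ftp`.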