hi, at the tests i take this output: Checking 3rd party replication from lxn1183.cern.ch to the default SE: Running command : lcg-rep -v --vo dteam -d xg006.inp.demokritos.gr sfn://lxn1183.cern.ch/storage/dteam/generated/2005-06-16/filec6a30c8a-0ebc-420d-9cd1-5a3a7b88c56f the server sent an error response: 425 425 Can't open data connection. timed out() failed. when i do telnet to xg006.inp.demokritos.gr 20000 the connection is refused , I can telnet port 2811 . at the CE i can telnet at port 2811 and at port 20000. i try to configure the iptables but its not working. at SE the /etc/sysconfig/iptables is: # Firewall configuration written by redhat-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -i eth0 -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20000:25000 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT could you please tell me how to modified it or what else i can do ? thanks xristos Christos Filippidis NCSR DEMOKRITOS Institute of Nuclear Physics office block 6(ktirion 6) Gr-15310 Agia Paraskevi GREECE Tel:2106503425 http://consult.cern.ch/xwho/people/117002 http://www.inp.demokritos.gr/~filippidisx/ ---------------------------------------------- "Institute of Nuclear Physics NCSR Demokritos" http://www.inp.demokritos.gr/