Wayne Cuddy <wcuddy@crb-web.com> writes:

> On Wed, Dec 05, 2001 at 05:35:25AM -0600, Richard Rauch wrote:
> > I really only want a few services forwarded.  In decreasing order of
> > importance: HTTP, FTP, ssh, and telnet.  (I don't need to support inbound
> > connections for any of those at this point---though it might be nice at
> > some time to support inbound ssh connections.)
> 
> NAT will nicely support all of these except FTP.  I end up having to use FTP
> in passive mode but I think there are ways around this also.  I know what
> Netscape defaults to passive mode anyway.

IPFilter's in-kernal ftp proxy works just fine for supporting outgoing
"active" ftp sessions (ie, the ones that use the PORT command). It may
still have problems with the newer EPRT command; I haven't checked in
awhile. You just need to make sure that the ftp line in ipnat.conf
precedes the more general lines, as the first match is the one used.