netbsd-help: rdr for passive ftp

Subject: rdr for passive ftp
To: netbsd-help <netbsd-help@netbsd.org>
From: James K. Lowden <jklowden@schemamania.org>
List: netbsd-help
Date: 02/23/2003 19:03:18

Hi, 

I moved my ftp server recently, and entered a redirection rule, but
passive transfers don't work.  I think this is because the rdr on port 21
works, but the subsequent data channel connection from the client is not
similarly redirected.  

$ grep -E 'ftp|  21' /etc/ipnat.conf |grep -v ^#
rdr le1 216.254.83.209/32 port  21 -> 192.168.1.5 port  21
map le1 192.168.1.0/24 -> 216.254.83.208/32 proxy port ftp ftp/tcp

What am I missing?  Do I need "keep state" magic here?  I thought that was
just to deal with fragmentation.  

Thank you kindly.

--jkl