[I searched the archives and didn't find this mentioned.]

Often when trying to install NetBSD by having the installer download
binary sets from ftp.netbsd.org, I get errors like the following:

  # ftp -a ftp.netbsd.org 
  Trying 204.152.184.75...
  Connected to ftp.netbsd.org.
  220 ftp.netbsd.org FTP server (NetBSD-ftpd 20020615) ready.
  331 Guest login ok, type your name as password.
  230-
  421 Service not available, remote server has closed connection.
  ftp: Login failed.

[The above occurred, of course, after a successful install.]

If I repeat the command a few times, I can always get in after a
seemingly random number of retries, anywhere from 1-20 or so.  The
only thing I can think is that -- unless ftp.netbsd.org is really
broken, in which case everyone would be shouting about it -- I have
some sort of broken NAT/ipfilter stuff on the 1.5.3_ALPHA firewall +
NAT box that sits between the ftping system and the Internet.  (This
doesn't seem to affect any sites but ftp.netbsd.org, but it does
affect both lukem ftp and SecureFX ftp sessions to ftp.netbsd.org.)

These are my NAT rules.  Any obvious mistakes?

  map fxp0 int.n.e.t/24 -> ext.ad.dr.ess/32 proxy port ftp ftp/tcp 
  map fxp0 int.n.e.t/24 -> ext.ad.dr.ess/32 portmap tcp/udp 1025:65535
  map fxp0 int.n.e.t/24 -> ext.ad.dr.ess/32

Any advice would be much appreciated.

A