Subject: Re: ipf ipnat ftp
To: rudolf <netbsd@eq.cz>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-help
Date: 04/19/2006 22:19:20
On Wed, Apr 19, 2006 at 06:48:53PM +0200, rudolf wrote:
> Hi,
> 
> I am tired of trying to find out why my ftp client behind my gateway is 
> not able to talk to ftp servers. The gw is xen domU, client is in dom0. 
> The "230-" should be the start of a reply to a successful PASSword 
> command, it's too early to even talk about passive or active session ...
> 
> Sample of a session (after the "230-" the connection hangs for a while):
> $ ftp -a ftp.netbsd.org
> Trying 2001:4f8:4:7:2e0:81ff:fe21:6563...
> ftp: connect to address 2001:4f8:4:7:2e0:81ff:fe21:6563: No route to host
> Trying 204.152.190.13...
> Connected to ftp.netbsd.org.
> 220 ftp.NetBSD.org FTP server (NetBSD-ftpd 20050303) ready.
> 331 Guest login ok, type your name as password.
> 230-
> 
> 421 Service not available, remote server timed out. Connection closed
> ftp: Login failed.
> ftp>
> 
> /etc/ipnat.conf:
> map xennet1 10.0.0.0/24 -> xx.xx.xx.xx/32 proxy port ftp ftp/tcp
> map xennet1 10.0.0.0/24 -> xx.xx.xx.xx/32 portmap tcp/udp 10000:20000
> map xennet1 10.0.0.0/24 -> xx.xx.xx.xx/32
> 
> Thank you for any hint.

There is a PR open about this; it's a known problem.
But you don't say which version of NetBSD you're running; if it's from
the netbsd-3 branch, could you try current? A new ipf has been imported which
may fix this.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
--