netbsd-users: IPF, IPNAT, and FTP data connections

Subject: IPF, IPNAT, and FTP data connections
To: None <netbsd-users@netbsd.org>
From: NetBSD Mailing-List <netbsd@kevcom.ca>
List: netbsd-users
Date: 09/27/2001 10:28:33

Okay, I'm at my wit's end...

I have tried a gazillion configs but I keep getting:

ftp> dir
200 PORT command successful.
425 Can't build data connection: Connection refused.

Here is my part of my ipf.conf:

pass in quick proto tcp from any to any port = ftp keep state
pass in quick proto tcp from any port = ftp-data to any port > 1023 keep 
state

...and ipnat.conf

map le1 10.1.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map le1 10.1.1.0/24 -> 0/32 portmap tcp/udp 10000:20000
map le1 10.1.1.0/24 -> 0/32

le1 is connected to my cable modem, so the 0/32 is for the dynamic IP that
is assigned from time to time.

Any suggestions as to why this setup is failing?  ipfstat -ih shows no
packets being blocked.

Thanks!
Kevin