Subject: Re: IPF, IPNAT, and FTP data connections
To: Steven M. Bellovin <smb@research.att.com>
From: NetBSD Mailing-List <netbsd@kevcom.ca>
List: netbsd-users
Date: 10/01/2001 14:28:59
On Thu, 27 Sep 2001, Steven M. Bellovin wrote:

> Date: Thu, 27 Sep 2001 22:40:54 -0400
> From: Steven M. Bellovin <smb@research.att.com>
> To: henry nelson <netb@irm.nara.kindai.ac.jp>
> Cc: netbsd-users@netbsd.org
> Subject: Re: IPF, IPNAT, and FTP data connections 
> 
> In message <20010928101110.A16550@irm.nara.kindai.ac.jp>, henry nelson writes:
> >On Thu, Sep 27, 2001 at 10:28:33AM -0400, NetBSD Mailing-List wrote:
> >> ftp> dir
> >> 200 PORT command successful.
> >> 425 Can't build data connection: Connection refused.
> >[...]
> >> Any suggestions as to why this setup is failing?  ipfstat -ih shows no
> >
> >I've come to the conclusion that it is the server's setup that is causing
> >this problem.  If you are connected with
> >        "ftp.netbsd.org FTP server (NetBSD-ftpd 20010417) ready."
> >or a like server (most netbsd repositories), it always fails in this manner.
> >Most other ftp servers work fine for me.  All I can recommend is to find a
> >mirror that is not using NetBSD's ftpd.
> >
> >To test my theory, try:
> >        "isrv4.isc.org FTP server (Version wu-2.6.1(5)"
> >This and all other "wu" servers work great from here.
> >
> >henry nelson
> >
> I missed the original post, but it sounds like the old clash between 
> (some) Checkpoint firewalls and NetBSD's ftpd.  Is the client behind a 
> Checkpoint firewall?

The clients are running command line Microshaft FTP behind a NetBSD
firewall using standard IPNAT and IPF filters.

> 
> 		--Steve Bellovin, http://www.research.att.com/~smb
> 				  http://www.wilyhacker.com

Kevin