Subject: Re: pf and ftp-proxy
To: None <netbsd-users@netbsd.org>
From: Patrick Welche <prlw1@newn.cam.ac.uk>
List: netbsd-users
Date: 07/15/2005 00:04:23
On Thu, Jul 14, 2005 at 10:54:54PM +0100, Patrick Welche wrote:
> On Thu, Jul 14, 2005 at 11:27:49PM +0200, scalopus wrote:
> > Hi,
> >   I am not sure if you have modified inetd, but you need to have
> > the ftp-proxy daemon running if you want to use it in the pf.
> > Add the following line to inetd.conf:
> > 
> > 127.0.0.1:8021  stream  tcp     nowait  root    /usr/libexec/ftp-proxy ftp-proxy
> 
> Unfortunately I already have, that is why the ftp-proxy wrote the
> debug message. The fun since then is that of course the NetBSD ftp
> client seems to work no matter what (with or without -A), so I use
> the Microsoft client, whose connection gets blocked by the antivirus
> software(!) and the XP firewall. After all that I have a working setup
> on the magic laptop, with a Windows 95 client, but not on the desktop.
> This is the same desktop for which ipf didn't work, and the same laptop
> for which ipf did work. (What does Feature mask: 0x10a in ipf -V mean?)
> (http://mail-index.netbsd.org/current-users/2005/07/07/0010.html
>  http://mail-index.netbsd.org/current-users/2005/07/08/0007.html)

The only differences I can spot are

                     working   broken
ethernet cards       rtk/xi    bge/ex
ipf feature mask     0x10a     0xa

With ipf, "bad NAT", with pf, broken active ftp. In both cases a packet
is blocked going out of the internal interface.

Patrick