On Thu, 21 Jul 2005 21:52:40 +0100, Patrick Welche wrote:

> Amazing:
> 
> Set up working ipf and pf firewalls, both doing ftp proxying (proxy port
> ftp ftp/tcp in ipnat.conf for ipf, and the inetd ftp-proxy dance in pf).
> Check that both active and passive ftp work.
> With windows XP firewall switched off, check that ftp works through both
> firewalls.
> Now switch on the XP firewall, with ftp as one of the exceptions.
> ipf works, pf gets blocked ! (the ftp-proxy data connection back to the xp client)
> 
> Now, what's the difference?

Maybe the FTP data connections have the firewall's address as source,
instead of the ftp server's address? Check it with tcpdump.

Bye	Pavel