In message <20040904145353.25097a03.netbsd@fang.demon.co.uk>, Douglas Brebner w
rites:
>On Thu, 2 Sep 2004 20:37:48 -0400
>Sean Davis <dive@endersgame.net> wrote:
>
>> On Thu, Sep 02, 2004 at 05:50:01AM +0000, Matthias Scheler wrote:
>> > In article <20040901220547.GB28724@endersgame.net>,
>> > 	Sean Davis <dive-nb@endersgame.net> writes:
>> > > If you have a more likely suggestion as to where the problem is,
>> > > I'm all ears.
>> > 
>> > It sounds more like:
>> > 
>> > *26581: IPF blocks legitimate packets due to incorrect TCP window
>> > check
>> 
>> That could be it, but if so, I'm wondering why I never saw it happen
>> on the i386 machine, as I do plenty of ftp downloads through NAT..
>> (pkgsrc on multiple machines, etc)
>
>FWIW, I've seen it happen on i386 machines, usually when the ftp server
>sends multiple lines in a response.
>
The classic version of that involved Checkpoint firewalls.  This sounds 
different.

		--Steve Bellovin, http://www.research.att.com/~smb