Subject: RE: can't "ls" or "get" by ftp through nat/ipf
To: Henry Nelson <henry@irm.nara.kindai.ac.jp>
From: Mike Pelley <mike.pelley@coventus.com>
List: netbsd-help
Date: 03/03/2000 16:53:28

> I just got nat/ipf working on a NetBSD1.4.1 machine.  So
> far using telnet there have been no problems, but when I
> tried to download a file by ftp to my Windows98 machine
> on the subnet, I found that I could not do "ls" or "get",
> while I could connect, login, "cd", "pwd" and "binary".
> Ipf.conf has only pass in/out from any to any.  Any
> help/pointers much appreciated.  Thanks.

The problem is active ftp doesn't work through NAT (for the most part).
There are two ways to fix this.  You can set your Win98 machine to use
passive ftp (usually in "firewall settings" or something similar, sometimes
called PASV).  Unfortunately the command line ftp client that comes with
Win98 does not seem to support passive.

The other solution is probably better for you - ipnat has a built-in
transparent FTP proxy.  You need to add an ftp proxy line to your
/etc/ipnat.conf - here's mine:

map fxp0 10.1.0.0/24 -> 24.114.176.87/32 proxy port ftp ftp/tcp
map fxp0 10.1.0.0/24 -> 24.114.176.87/32 portmap tcp/udp 10000:40000
map fxp0 10.1.0.0/24 -> 24.114.176.87/32

The first line is the relevant one ;o)

Good Luck!   Mike.
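
Why "ls" and "get" fail in active mode, as an added example that is not part of the original message and is not IPFilter's own code: the client's PORT command carries its private address inside the control channel, so a NAT FTP helper has to rewrite it and remember the mapping. The client address 10.1.0.5, the allocated port and all function names are assumptions; the check that PORT names the sender's own address is an assumed safeguard, not documented ipnat behaviour.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (address bytes, then port high/low byte)
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$", re.I)

def parse_port(line):
    """Return (ip, port) carried in a PORT command, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]

def format_port(ip, port):
    """Build a PORT command for the given address and port."""
    hosts = ",".join(str(b) for b in ip.packed)
    return f"PORT {hosts},{port >> 8},{port & 0xFF}\r\n".encode()

def rewrite(line, client_ip, public_ip, alloc_port, table):
    """Rewrite one outbound control-channel line as a NAT FTP helper must.

    table maps public port -> (inside ip, inside port) so the server's
    inbound data connection can be forwarded to the client.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line  # login, cd, pwd, binary need no rewriting
    ip, port = parsed
    # Assumed safeguard: only the sender's own address, unprivileged port.
    if ip != client_ip or port < 1024:
        raise ValueError("PORT argument does not match the client")
    table[alloc_port] = (ip, port)
    return format_port(public_ip, alloc_port)

if __name__ == "__main__":
    # Constructed sample: inside host 10.1.0.5, public address from the map rule.
    client = ipaddress.IPv4Address("10.1.0.5")
    public = ipaddress.IPv4Address("24.114.176.87")
    table = {}
    for sent in (b"CWD /pub\r\n", b"PORT 10,1,0,5,4,210\r\n"):
        print(sent, "->", rewrite(sent, client, public, 10000, table))
    print(table)
```

Without the rewrite the server would try to connect to 10.1.0.5, which is unroutable from outside, and that is the point at which "ls" and "get" hang while "cd" and "pwd" keep working.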