You'll have to get wuftp or some equivilent GUI FTP for windows, that   
supports pasv.

John A. Maier
Kemper Military School and College
Director of MIS
Voice: 660-882-5623
Fax: 660-882-3778
Email: johnam@kemper.org
Web: www.kemper.org


> -----Original Message-----
> From: Mike Pelley [mailto:mike.pelley@coventus.com]
> Sent: Friday, March 03, 2000 4:53 PM
> To: Henry Nelson; netbsd-help@netbsd.org; John A. Maier
> Subject: RE: can't "ls" or "get" by ftp through nat/ipf
>
>
>
> > I just got nat/ipf working on a NetBSD1.4.1 machine.  So
> > far using telnet there have been no problems, but when I
> > tried to download a file by ftp to my Windows98 machine
> > on the subnet, I found that I could not do "ls" or "get",
> > while I could connect, login, "cd", "pwd" and "binary".
> > Ipf.conf has only pass in/out from any to any.  Any
> > help/pointers much appreciated.  Thanks.
>
> The problem is active ftp doesn't work through NAT (for the
> most part).
> There are two ways to fix this.  You can set your Win98 machine to use
> passive ftp (usually in "firewall settings" or something
> similar, sometimes
> called PASV).  Unfortunately the command line ftp client that
> comes with
> Win98 does not seem to support passive.
>
> The other solution is probably better for you - ipnat has a built in
> transparent FTP proxy.  You need to add an ftp proxy line to your
> /etc/ipnat.conf - here's mine:
>
> map fxp0 10.1.0.0/24 -> 24.114.176.87/32 proxy port ftp ftp/tcp
> map fxp0 10.1.0.0/24 -> 24.114.176.87/32 portmap tcp/udp 10000:40000
> map fxp0 10.1.0.0/24 -> 24.114.176.87/32
>
> The first line is the relevant one ;o)
>
> Good Luck!   Mike.
>
>