Hi,

from time to time, I get problems with active ftp through
my nat box. The ipnat configuration contains:

map isp0 192.168.2.0/24  -> 0.0.0.0/32  proxy port ftp ftp/tcp
map isp0 192.168.2.0/24  -> 0.0.0.0/32  portmap tcp/udp 20000:30000
map isp0 192.168.2.0/24  -> 0.0.0.0/32 

Sometimes (not always!), active ftp fails:
maus% ftp -A ftp.kde.org
Connected to max.tat.physik.uni-tuebingen.de.
220-You are user number 101 of 260 allowed.
220-Local time is now 23:23 and the load is 0.80.
220 You will be disconnected after 1800 seconds of inactivity.
Name (ftp.kde.org:ingolf): ftp
230 Anonymous user logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
501 Syntax error.
425 Will not open connection to 192.168.2.1 (only to 217.17.194.73)
ftp> 

ipnat -l on the nat box shows
List of active sessions:
MAP 192.168.2.1     64709 <- -> 217.17.194.73   64709 [134.2.170.93 21]
        proxy ftp/6 use 1 flags 0
                proto 6 flags 0 bytes 1334 pkts 18 data 0xc0374a00 psiz 356
        FTP Proxy:
                passok: 1
        Client:
                rptr 0xc0374a14 wptr 0xc0374a14 seq 30d8a71c junk 0
                buf [PORT 192,168,2,1,252,196\015\012\015\012\000]
        Server:
                rptr 0xc0374ac4 wptr 0xc0374ac4 seq a5d62a66 junk 0
                buf [425 Will not open connection to 192.168.2.1 (only to 217.17.194.73)\015\012:23 and the load is 0.80.\015\012220 You will be disconnected after 1800 seconds of inactivity.\015\000]

Does anyone have an idea what's going wrong here? BTW, all
hosts are running NetBSD-1.5.

    Ingolf
-- 

Ingolf Steinbach        Balin@IRCnet         ICQ#60829470
PGP: 0x7B3B5661  213C 828E 0C92 16B5  05D0 4D5B A324 EC04