> Not sure if this is the only thing causing a problem for you, but it
> appears your experiencing a problem I discovered a couple weeks ago.
 [...]

It's a good explanation for why I only have trouble with ftp.NetBSD.org.
However, your suggested fix doesn't work for me with ipnat in NetBSD
1.5.2.  It also doesn't explain why http://www.NetBSD.org hangs the same
way.


You mention that -current has a more recent version of ipf/ipnat.  Would
updating my own system be likely to help?  I was going to put -current on
my gateway anyway, and try letting it track -current.  (If the gateway
dies a horrible death, I can always reinstall it---and I have backup
access via my office should it be down for a protracted period; (^&)

If there's some hope that I'd benefit from updating my gateway machine,
then I'll table my ftp/www concerns for now...


> Anyway, once you remove the special handling for ftp packets (and use only
> passive ftp), ipnat should forward the fragments again properly.  Or

That would be a minor annoyance for me, but I could cope if it would let
everything else work.  (^&


  ``I probably don't know what I'm talking about.'' --rauch@math.rice.edu