Subject: Re: ipnat: ftp-proxy in other direction?
To: Ingolf Steinbach <ingolf-200204@steinba.ch>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-help
Date: 04/28/2002 21:07:02

On Sun, Apr 28, 2002 at 05:28:28PM +0200, Ingolf Steinbach wrote:
> Hi,
> 
> among others, my /etc/ipnat.conf contains the lines
>   map isp0 192.168.2.0/24 -> 0/32 proxy port ftp ftp/tcp
>   rdr isp0 0/0 port 21 -> 192.168.2.5 port 21 tcp
> (the 'rdr' line to allow ftp connections from external
> hosts to one of the internal ones).
> 
> But it seems that this is not enough: An external FTP client
> can connect, sees the greeting message and so on, but when
> the server sends the 227 reply for a PASV command (received
> from the client), the IP address in the reply is not
> translated, i.e. I can see
>   227 Entering Passive Mode (192,168,2,5,254,68)\r\n
> on the external interface.
> 
> How should I modify my ipnat.conf to make this work (besides
> disallowing passive mode in ftpd.conf)? (NetBSD/i386,
> netbsd-1-5 branch as of 2002-04-12.)

I'm not sure this is supported yet. Maybe just install a transparent ftp
application proxy on your gateway?
Sorry, I don't have one to suggest.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
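
The 227 rewrite that an FTP application proxy on the gateway has to perform for the server-side case described in this thread, as an added example that is not part of the original messages and is not IPFilter code. The function names and the external address 203.0.113.10 are assumptions made for illustration; the internal network and the sample reply are the ones quoted in the question.

```python
import ipaddress
import re

# Internal network taken from the 'map' rule quoted in the post.
INTERNAL_NET = ipaddress.ip_network("192.168.2.0/24")

# RFC 959 227 reply: (h1,h2,h3,h4,p1,p2), six decimal octets.
PASV_RE = re.compile(rb"^227 [^(\r\n]*\(((?:\d{1,3},){5}\d{1,3})\)")

def parse_pasv(line):
    """Return (match, IPv4Address, port) for a 227 reply, else None."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(b",")]
    if any(n > 255 for n in nums):
        return None  # malformed octet: leave the line alone
    return m, ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]

def rewrite_pasv(line, external_ip):
    """Replace an internal address in a 227 reply with external_ip.

    Returns (new_line, length_delta, data_target). data_target is the
    internal (ip, port) the gateway must forward the data connection to;
    length_delta is what TCP sequence numbers must be adjusted by.
    """
    parsed = parse_pasv(line)
    if parsed is None or parsed[1] not in INTERNAL_NET:
        return line, 0, None
    m, ip, port = parsed
    ext = str(ipaddress.IPv4Address(external_ip)).replace(".", ",")
    field = b"%s,%d,%d" % (ext.encode(), port >> 8, port & 0xFF)
    new_line = line[:m.start(1)] + field + line[m.end(1):]
    return new_line, len(new_line) - len(line), (str(ip), port)

if __name__ == "__main__":
    # Reply from the post; 203.0.113.10 is a constructed external address.
    leaked = b"227 Entering Passive Mode (192,168,2,5,254,68)\r\n"
    print(rewrite_pasv(leaked, "203.0.113.10"))
```

The non-zero length delta is why this cannot be done with a plain `rdr` rule: whatever rewrites the payload also has to track the changed byte count on the control connection and open a path for the advertised data port.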