Subject: Re: IPF, IPNAT, and FTP data connections
To: Steven M. Bellovin <smb@research.att.com>
From: Andrew Brown <atatat@atatdot.net>
List: netbsd-users
Date: 10/02/2001 00:01:16
>OK -- here's the advice from the firewall administrator here:
>
>	Ok, if they are running Checkpoint FW-1, try commenting out the following line in
>	$FWDIR/lib/base.def and reinstall the policy:
>
>	#define FTP_ENFORCE_NL
>
>Unfortunately, I don't recall what behavior in ftpd this is intended to 
>cope with...

this *sounds* like a fix to a problem that i saw a few years back with
the ftp client on a linux box going out through a netbsd ipnat
gateway.  the linux ftp client was sending the

	PORT a,b,c,d,e,f

command by itself, and then, in the following packet, sending the crlf
sequence.  at the time, the ipnat machinery in netbsd didn't really do
all that well with that happening.  it ended up sending the port
command on to the server unmodified which, of course, was no good.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
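
The split-PORT behaviour described in the message above, as an added example that is not part of the original post and is not NetBSD's ipnat code. It contrasts a rewriter that inspects each TCP payload on its own with one that buffers the control channel until CRLF. The names `per_segment` and `LineBufferedRewriter`, the `MAX_LINE` bound, and the addresses are all assumptions made for illustration.

```python
import re

# A complete PORT command: six decimal fields terminated by CRLF.
PORT_RE = re.compile(rb"PORT (\d{1,3},){5}\d{1,3}\r\n", re.I)

def rewrite_line(line, nat_ip, nat_port):
    """Rewrite one CRLF-terminated command if it is a PORT; else pass it through."""
    if not PORT_RE.fullmatch(line):
        return line
    host = nat_ip.replace(".", ",")
    return f"PORT {host},{nat_port >> 8},{nat_port & 0xFF}\r\n".encode()

def per_segment(segments, nat_ip, nat_port):
    """Inspects each TCP payload in isolation, so a PORT whose CRLF
    arrives in the next segment never matches and goes out unmodified."""
    return b"".join(rewrite_line(s, nat_ip, nat_port) for s in segments)

class LineBufferedRewriter:
    """Holds control-channel bytes until a full CRLF-terminated line is present."""
    MAX_LINE = 512  # assumed bound so an unterminated line cannot grow the buffer forever

    def __init__(self, nat_ip, nat_port):
        self.nat_ip, self.nat_port = nat_ip, nat_port
        self.pending = b""

    def feed(self, segment):
        """Return the bytes that may be forwarded after seeing this segment."""
        self.pending += segment
        out = b""
        while b"\r\n" in self.pending:
            line, self.pending = self.pending.split(b"\r\n", 1)
            out += rewrite_line(line + b"\r\n", self.nat_ip, self.nat_port)
        if len(self.pending) > self.MAX_LINE:
            raise ValueError("control line exceeds MAX_LINE without CRLF")
        return out

# Constructed sample: the PORT command in one segment, its CRLF in the next.
SPLIT = [b"PORT 192,168,1,10,4,1", b"\r\n"]

if __name__ == "__main__":
    print(per_segment(SPLIT, "203.0.113.5", 40000))   # private address leaks through
    alg = LineBufferedRewriter("203.0.113.5", 40000)
    print([alg.feed(s) for s in SPLIT])               # held, then rewritten
```

The example models only the payload rewrite; a rewrite that changes the command's length also requires adjusting TCP sequence and acknowledgement numbers on the connection, which is not shown here.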