Subject: ipnat, FTP and NetBSD 1.6
To: None <netbsd-users@netbsd.org>
From: Michael D. Spence <spence@panix.com>
List: netbsd-users
Date: 11/24/2002 09:11:23

With NetBSD 1.5.2 acting as a firewall, I was able to use ftp normally with
one particular site.  But since upgrading to NetBSD 1.6, I can't get an
active connection to work.  I originally used this in ipnat.conf:

map ex0 192.168.0.0/16 -> 0/32 proxy port ftp ftp/tcp
map ex0 192.168.0.0/16 -> 0/32 portmap tcp/udp 20000:40000

map ex0 164.179.157.64/26 -> 0/32 proxy port ftp ftp/tcp
map ex0 164.179.157.64/26 -> 0/32 portmap tcp/udp 40000:60000

In desperation I tried changing it to this, but that didn't help either:

map ex0 0/0 -> 0/0 proxy port ftp ftp/tcp

When I try to ftp from 164.179.157.73, tcpdump reports this conversation
(where => is being sent by ex0 and <= is being received):

=> (FTP) 'PASS *******'
<= (FTP) '230 User ofacfiles logged in'
=> (TCP) Ack flag set
=> (FTP) 'PORT 164,179,157,73,14,75
<= (TCP) Reset flag set

The FTP client on 164.179.157.73 then says "Connection closed by remote
host".

The site I'm trying to connect to is running the FTP server from WU.  They
say they haven't changed anything there in months and months.  Does anybody
have any ideas?

Michael D. Spence
Mockingbird Data Systems, Inc.
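
An added example, not part of the original post: a small decoder for the PORT line in the trace above. It compares the address the client advertises with the source address the packet carries on the outside interface, which shows whether a NAT FTP proxy rewrote the payload. The function names and the address 192.0.2.1 (a placeholder for ex0's address, which the post does not give) are assumptions.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (six decimal octets)
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})$", re.IGNORECASE)


def decode_port(command):
    """Return (IPv4Address, port) advertised by an FTP PORT command."""
    m = PORT_RE.match(command.strip())
    if not m:
        raise ValueError("not a PORT command: %r" % command)
    f = [int(x) for x in m.group(1).split(",")]
    if max(f) > 255:
        raise ValueError("octet out of range: %r" % command)
    ip = ipaddress.IPv4Address("%d.%d.%d.%d" % tuple(f[:4]))
    return ip, f[4] * 256 + f[5]


def check_rewrite(command, wire_src):
    """List mismatches between a PORT command seen on the outside
    interface and the source address the packet carried after NAT."""
    ip, port = decode_port(command)
    findings = []
    if ip != ipaddress.IPv4Address(wire_src):
        findings.append("PORT advertises %s, packet source is %s: "
                        "payload was not rewritten" % (ip, wire_src))
    if ip.is_private:
        findings.append("%s is a private/reserved address the server "
                        "cannot reach for the data connection" % ip)
    return ip, port, findings


if __name__ == "__main__":
    # First PORT line is from the trace in the post; the rest of the
    # sample input, including 192.0.2.1 for ex0, is constructed.
    samples = [
        ("PORT 164,179,157,73,14,75", "192.0.2.1"),       # mapped to ex0
        ("PORT 192,168,0,5,78,32", "192.0.2.1"),          # constructed
        ("PORT 164,179,157,73,14,75", "164.179.157.73"),  # no NAT applied
    ]
    for cmd, src in samples:
        ip, port, findings = check_rewrite(cmd, src)
        print("%s:%d" % (ip, port), findings or "consistent")
```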