>> how does it fail ?

> ftp ftp://ftp.netbsd.org/pub/NetBSD/packages/2.0/i386/All/bash-2.05.2.7nb2.tgz

> Logs in and does all the usual things such as..
> [everything up through and including EPRT return, then]
> 421 Service not available, remote server timed out.  Connection closed.

It occurs to me that this could also be because ftp.netbsd.org is
behind a path MTU discovery black hole from the point of view of the
client machine in question.

That seems unlikely, since such things usually result from a
misconfigured "firewall" (which here really means "packet filter")
close to the "sending" host, which in this case would be ftp.n.o - and
ftp.n.o is hosted by ISC, who tends to be clued with respect to such
matters.

It might be worth tcpdumping on the client host to see what it's seeing
on the network.  It also might be worth trying to ftp a tiny file
instead of a big file (ftp.netbsd.org:/pub/NetBSD/misc/mouse/README
will do; it's only 609 bytes long).  If that works, the probability
that it's a PMTU-D black hole goes up drastically.

> Tried other servers same thing happens.

This argues against the PMTU-D black hole theory, though it doesn't
eliminate it - it could be due to *severely* misconfigured packet
filtering close to the client machine.  Unless you tried fetching a
_small_ file from one of those other servers.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B