ip_masq_ftp does case sensitive comparisons of FTP commands when snooping the control connection, and may thus miss legitimate PORT/PASV negotiation. The culprit is the use of safe_mem_eq2 to match on the commands, it catches them in either all-caps or all-lower-case (PASV, pasv), but not in mixed case (PaSv) or with trailing whitespace ("PaSv "), while RFC-959 (FTP) demands case insensitive handling of FTP commands. I don't currently have time to fix this myself and submit a patch, sorry. -- Matthias Andree - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/