> I have been fighting with getting FTP to work through PF without success (yet). > As I have been perusing this mail list I see many having the same problem I am having, the FTP server is a separate machine, behind the PF box and for reasons unknown to us is running M$ ftp.
it's reasonably easy to make ftpds work on the system that is actually providing nat. if the ftpd is behind a device doing nat, it has to support forcing the announced ip for pasv mode (pure-ftpd, vsftpd, etc have this feature). as far as i know, the iis ftpd does not support this feature (at least in iis4/iis5).
