Hey I just thought I would report the (quite unfortunate) results of my attempts so far (on Debian GNU/Linux 2.2, the firewall machine is also ip masquerading (successfully) some internal hosts for web, outbound FTP etc)... I tried simply forwarding port 21 to the internal FTP server, but this does not work since the outbound packets get lost. This is the same as what happens when I try to use an FTP redirection client or any port forwarding (or autofw) strategies I have thusfar encountered. Unfortunately, Fred Vile's patch (to allow inbound FTP) is only for the 2.0 kernel. I found a similar patch for the 2.2 kernel, but it apparently does not work as it also seems to loose the outbound data packets (specifically, the client can send the 200 (PORT) command fine, but then it hangs, and when I send ^C to the client it just says (421, connection closed by host)). The IP Masq HOWTO (which is great for most things) simply says that it can not be done, but that the new NetFilter may take care of this. Does anyone have experience with NetFilter? (Esp retro-fitting it onto a 2.2 firewall) Also, it was suggested by a friend that I use squid to proxy the FTP connections. Does anyone have experience with this option (or even know if it is possible!) Thanks Stephen -- If it weren't for the last minute, nothing would ever get done. -- SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/ More Info: http://slug.org.au/lists/listinfo/slug