>> would this be included in a sup (in the last day or so) of 1.4_alpha?
>> if so, i'll check again to see if it works more betterly.
>
>No, I don't think so.  I've not yet heard a release date even mentioned
>for IP-Filter 3.2.11, and even if it were this week I doubt it would be
>rolled into NetBSD-1.4 at this point (unless it fixed a very serious bug
>of some sort).  You'd have to re-integrate it yourself....

ah.  ok. i'll have to see if i can get that to work.

>> well...that's encouraging.  no...it doesn't panic.  only "fracture"
>> (not break) ftp.  ncftp works, as does passive.
>
>That sounds like a tough one to debug....

after i looked at the packets, it was easy to see the problem.

and after looking at ip_ftp_pxy.c line 144+8, it looks like i just
wanna remove that chunk (or something).  it'll probably fix my
problem.  and i think that ftp clients that don't send the crlf are
dumb (it *is* linux, after all), but clients that will actually "lose"
after a "fix" like this actually *deserve* to lose.  it means that
they're sending the bytes of the port command piece meal.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."