Subject: ipf and EPSV
To: None <tech-net@netbsd.org>
From: Patrick Welche <prlw1@newn.cam.ac.uk>
List: tech-net
Date: 08/24/2005 13:27:00
On a NetBSD-3.99.7/i386 box running IP Filter: v4.1.8, with ipnat
mapping an address range with the usual

map ex1 192.168.2.0/24 -> w.x.y.z/32 proxy port ftp ftp/tcp
map ex1 192.168.2.0/24 -> w.x.y.z/32 portmap tcp/udp 10000:65000
map ex1 192.168.2.0/24 -> w.x.y.z/32

and w.x.y.z being an alias on the external interface, passive ftp clients
fail to connect to servers which do not understand EPSV:

e.g. this works

Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
229 Entering Extended Passive Mode (|||33536|)
150 Opening ASCII mode data connection for file list
-rwxr-xr-x   1 root     ftpstaff      837 Jun 11  2004 README
...
226 Transfer complete.
ftp> 

but this doesn't

Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
500 'EPSV': command not understood.
502 Could not select a passive port
200 PORT command successful.
425 Can't build data connection: Connection refused
ftp> 

However, this latter connection does work when not going through the ipfilter:

ftp> dir
500 'EPSV': command not understood.
227 Entering Passive Mode (131,111,3,10,35,126)
150 ASCII data connection for file list (131.111.204.132,65509) (0 bytes).
-rw-------   2 prlw1    prlw1        682 Dec 12  2003 .bash_history
...
226 ASCII Transfer complete.
ftp>


Thoughts?

Cheers,

Patrick
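Added illustration, not part of the post or of IP Filter: the two reply forms seen in the sessions above differ in exactly the field that matters to a NAT ftp proxy. A 229 (EPSV) reply carries only a port, so the client reuses the control connection's peer address and the proxy has nothing to translate; a 227 (PASV) reply names an address and port as six decimal fields, which the proxy has to parse to anticipate the data connection, and has to rewrite when the address it names is not the one the client should reach. The sample replies are constructed from the shapes quoted in the post; `rewrite_pasv` and `data_endpoint` are hypothetical helpers, and the "control peer must match" check in `data_endpoint` is the conventional client-side guard rather than anything the post describes.

```python
"""Parse and rewrite FTP passive-mode replies (RFC 959 PASV / RFC 2428 EPSV).

Illustration only; not IP Filter code. Sample replies are constructed.
"""
import re
from typing import Tuple

# Constructed sample replies (same shapes as the quoted ftp sessions).
EPSV_REPLY = "229 Entering Extended Passive Mode (|||33536|)"
PASV_REPLY = "227 Entering Passive Mode (131,111,3,10,35,126)"

# 227 carries four address octets plus the port as two base-256 digits.
_PASV_RE = re.compile(
    r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)
# 229 carries only the port; the address is that of the control connection.
_EPSV_RE = re.compile(r"^229 [^(]*\(\|\|\|(\d{1,5})\|\)")


def parse_pasv(line: str) -> Tuple[str, int]:
    """Return (host, port) from a 227 reply, rejecting malformed tuples."""
    m = _PASV_RE.match(line)
    if m is None:
        raise ValueError("not a well-formed 227 reply: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in 227 reply: %r" % line)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("port 0 in 227 reply: %r" % line)
    return host, port


def parse_epsv(line: str) -> int:
    """Return the port from a 229 reply."""
    m = _EPSV_RE.match(line)
    if m is None:
        raise ValueError("not a well-formed 229 reply: %r" % line)
    port = int(m.group(1))
    if not 1 <= port <= 65535:
        raise ValueError("port out of range in 229 reply: %r" % line)
    return port


def data_endpoint(control_peer: str, reply: str) -> Tuple[str, int]:
    """Client side (hypothetical helper): data endpoint from either reply form.

    For 229 the address is always the control peer. For 227 the reply names
    an address itself; this refuses one that differs from the control peer,
    the usual client-side guard against being sent to a third host.
    """
    if reply.startswith("229 "):
        return control_peer, parse_epsv(reply)
    host, port = parse_pasv(reply)
    if host != control_peer:
        raise ValueError("227 reply names %s, control peer is %s" % (host, control_peer))
    return host, port


def rewrite_pasv(line: str, ext_host: str, ext_port: int) -> str:
    """Proxy side (hypothetical helper): replace the tuple of a 227 reply.

    This is the translation step a NAT ftp proxy needs for 227 when the
    server sits behind the NAT; it has no counterpart for 229, which carries
    no address. ext_host/ext_port are whatever the proxy mapped the data
    connection to.
    """
    m = _PASV_RE.match(line)
    if m is None:
        raise ValueError("not a well-formed 227 reply: %r" % line)
    octets = ext_host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("bad IPv4 address %r" % ext_host)
    if not 1 <= ext_port <= 65535:
        raise ValueError("bad port %d" % ext_port)
    tup = ",".join(octets + [str(ext_port // 256), str(ext_port % 256)])
    # Splice the new tuple in place of the old one, keeping the reply text.
    return line[: m.start(1)] + tup + line[m.end(6):]


if __name__ == "__main__":
    print(parse_epsv(EPSV_REPLY))                          # 33536
    print(parse_pasv(PASV_REPLY))                          # ('131.111.3.10', 9086)
    print(rewrite_pasv(PASV_REPLY, "192.0.2.1", 10000))    # ...(192,0,2,1,39,16)
```

The port arithmetic is the part that most often goes wrong in hand-rolled proxies and clients: 35,126 is 35*256+126 = 9086, and a rewritten port of 10000 must be emitted as 39,16. The strict regexes also mean a reply with out-of-range fields, or a 227 pointing at some other host, is rejected rather than silently opening a data connection to it.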