I am using a Windows 98 client to access an FTP site x1.x2.x3.x4 behind BM
3.8/NW6sp4 firewall. When I ftp://x1.x2.x3.x4, I sign on with an username1
and password1. After few seconds, it give me error of 425 Can't open data
connection with the two filter(s)

SOURCE INTF:
PRIVATE

DEST INTF:
ALL

PACKET TYPE:
FTP-PORT-PASV-ST

SOURCE ADDR:
ANY

DEST ADDR:
HOST: FTP-SITE




SOURCE INTF:
ALL

DEST INTF:
PRIVATE

PACKET TYPE:
FTP-PORT-PASV-ST

SOURCE ADDR:
HOST: FTP-SITE

DEST ADDR:
ANY



This is ok when I move the machine in front of the firewall. Also, unload
IPFLT work fine. NAT has been enabled with Static and Dynamic as well.
My question is - do you I setup 6 rules as per TID 10055944 (NAT Filter
Exception: Active FTP server outside)? My past experience using BM 3.6 that
setting these kind of rules can make firewall become loosely, i.e. user can
by-pass and access Internet.

Please help.
Gilbert