> SonicWALL does fix this, and we also would REALLY like to know how!! At
> the present time, our only "solution" is to reconfigure the clients to
> gateway to the SonicWALL because everyone's browser only does passive
> FTP.

I have an idea on how SonicWALL fixes this: maybe it is programmed to detect badly configured FTP replies and correct them itself by replacing the PASV x.x.x.x command with the source IP found in the IP packet, something like:

    if ip.sourceIP != ftp.reply.passiveIP then ftp.reply.passiveIP = ip.sourceIP

I don't think iptables can do that, correct me if I'm wrong.

I see you got a workaround, happy to hear this :)

Have a nice day

Maxime
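
The rewrite rule proposed in the message above (replace the address in the passive-mode reply when it differs from the IP packet's source address), as an added Python example that is not part of the original message and is not SonicWALL's or iptables' code. The function names and the sample reply and addresses are constructed for illustration.

```python
import ipaddress
import re

# Host/port tuple of an RFC 959 passive reply: "227 ... (h1,h2,h3,h4,p1,p2)".
PASV_RE = re.compile(rb"^227 [^\r\n]*?" + rb",".join([rb"(\d{1,3})"] * 6))


def parse_pasv(payload: bytes):
    """Return (match, ip_string, port) for a 227 reply, or None."""
    m = PASV_RE.match(payload)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed tuple: leave the reply untouched
    return m, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def fix_pasv_reply(payload: bytes, ip_source: str):
    """Apply: if ip.sourceIP != ftp.reply.passiveIP, use ip.sourceIP.

    Returns (payload, length_delta). A non-zero delta means the TCP payload
    changed size, so an inline device must also adjust sequence and
    acknowledgement numbers for the rest of the control connection.
    """
    parsed = parse_pasv(payload)
    if parsed is None:
        return payload, 0
    m, advertised, port = parsed
    source = str(ipaddress.IPv4Address(ip_source))  # validates the input
    if advertised == source:
        return payload, 0
    new_tuple = source.replace(".", ",") + f",{port >> 8},{port & 0xFF}"
    fixed = payload[: m.start(1)] + new_tuple.encode() + payload[m.end(6):]
    return fixed, len(fixed) - len(payload)


# Constructed sample: a server behind NAT advertises its private address.
SAMPLE_REPLY = b"227 Entering Passive Mode (192,168,1,10,195,80)\r\n"
SAMPLE_SOURCE = "203.0.113.7"  # constructed source address of the IP packet

if __name__ == "__main__":
    fixed, delta = fix_pasv_reply(SAMPLE_REPLY, SAMPLE_SOURCE)
    print(fixed, delta)
```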