I don't know anything about NetVanta either but if both the FTP client and the FTP server is NAT'ed you'll need a smart firewall to be able to inspect the FTP commands and monitor the TCP port numbers. For a cool page that clearly describes the behavior between passive and active transfers and how NAT complicates life, check this out http://slacksite.com/other/ftp.html Excerpt from the end: A quick summary of the pros and cons of active vs. passive FTP is also in order: Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side. Luckily, there is somewhat of a compromise. Since admins running FTP servers will need to make their servers accessible to the greatest number of clients, they will almost certainly need to support passive FTP. The exposure of high level ports on the server can be minimized by specifying a limited port range for the FTP server to use. Thus, everything except for this range of ports can be firewalled on the server side. While this doesn't eliminate all risk to the server, it decreases it tremendously. On Thu, 2011-12-01 at 20:42 -0600, Ryan Coleman wrote: > Neither passive nor active starts transfers in either direction. > > > On Dec 1, 2011, at 4:39 PM, Mr. B-o-B wrote: >