If you use the IPFilter proxy for all of your FTP traffic, you should not have this problem as it will open all of the correct ports for you, without requiring expansive rules.
Bear in mind that some file sharing programs emulate FTP protocol. If you pass FTP with a "proxy" (really the wrong word--SOCKS is a proxy; IP Filter is protocol-aware), you'll pass those programs.
-- Jefferson Ogata <[EMAIL PROTECTED]> NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
