whoops.. I used the wrong switch in the last email for ipnat -lvd output..
Here is the output showing the HTTP connection mis-identified as "ftp":
MAP 10.5.0.115 4539 <- -> my-public-ip 4539 [216.239.63.83 80]
ttl 467 use 0 sumd 0x216b/0x216b pr 6 bkt 15666/4639 flags 1
ifp X,X bytes 0/7417 pkts 0/6 ipsumd 216b
nat_next 0 _pnext ffffffff863ffc20 _hm ffffffff86f62ac0
_hnext 0/0 _phnext ffffffff861e4990/ffffffff861f00f8
_data 0 _me 0 _state 0 _aps ffffffff864a9f50
fr ffffffff8615ca00 ptr ffffffff817db380 ifps
ffffffff81d9dcb8/ffffffff81d9dcb8 sync 0
tqe:pnext ffffffffc02de338 next 0 ifq ffffffffc02de310 parent
ffffffff86401a00/fffffd7fffdff888
tqe:die 18869 touched 0 flags 0 state 4/0
proxy ftp/6 use -18 flags 0
proto 6 flags 0 bytes 0 pkts 0 data YES size 344
state[0,0], sel[0,0]
seq: off 0/0 min 0/0
ack: off 0/0 min 0/0
FTP Proxy:
passok: 1
Client:
seq 0 (ack 0) len 0 junk 0 cmds 0
buf [\000]
Server:
seq b3c2aad1 (ack 0) len 0 junk 0 cmds 0
buf [\000]
And btw, I also tried applying the first patch (fix) for the tcp window
scaling, and it didn't fix it either..
