On 10/27/05, Fred Wright <fw at well dot com> wrote:
>
> 1) FTP NAT performance:  Unlike IPFilter's in-kernel FTP proxy, pf relies
> on the userland ftp-proxy program.

got some comments on this that might be helpful.  pfsense uses pftpx,
which is also now the default in OpenBSD 3.8.   It opens up NAT and
firewall rule redirects on anchors, so once the inital connection is
brought up, it's all handled in pf in the kernel.  (from what I've
been told)

-Chris