If you are running frox on a machine on your default route, and with little or no firewalling between it and either the outside world or your internal network you should not have network problems. Because of the nature of the ftp protocol though, if your setup is more complicated than this then you may run into difficulties.
The easiest way of checking that your network setup isn't what is causing the problems is to (temporarily if you wish) run an ftp server on the machine which runs frox. If you can't ftp from your clients to this server and retrieve files O.K. then your clients won't be able to ftp to frox either. Also try running an ftp client on the frox machine and connecting to a server in the outside world. If this doesn't work then frox obviously won't be able to do this either.
With a control connection problem your clients will not be able to connect to ftp servers through frox at all. If transparently proxying then check that outgoing tcp traffic is being redirected to frox without changing the destination address (ie. you must route it there, not use DNAT), and that the machine running frox can make a tcp connection to the outside world successfully
If the problem is with the data connection then your clients will be able to connect to the ftp server, login, and do things like print the current working directory. File retrievals and directory listings will fail, though you may find that passive mode ftp works and active doesn't, or visa versa.
If you are having these problems I strongly reccomend that
yes in the config file. The frox
machine must be able to make tcp connections on any port to
the outside world. It should also be possible to establish tcp
connections in either direction between the frox machine and
the client machines, and with no NAT being performed on these
connections. With this setup you shouldn't have any
The above suggestions aren't strictly necessary, but things get more complicated without them.
no: Either incoming tcp connections must be allowed from the outside world to the machine running frox, or they must be prevented only by a NATed (IP masquerading) firewall which is configured to allow ftp connections (eg. linux + ipt_nat_ftp.o module)
PASVAddressto the IP which the clients should use. NB. This option doesn't actually exist yet, but let me know if you need it and I'll consider adding it.
yes: This can make things really unpleasant. Are you sure you need it? These are the problems which spring to mind...