FTPS behind NAT and Firewall

05-07-08, 07:08 AM
Hello, I am having trouble getting FTPS to work behind a NAT and
chained firewalls.

It's set up to use port 990 and a predetermined range above 1024; I
will use 40001 to 40100 as an example here, which has been agreed
between us and the other company.

At the firewall console, I am not seeing any drops indicating that
there is any automatic FTP bounce prevention active.

The session works as follows.

- the client initiates a connection on port 990 and a random port in
the > 1024 range.
- the server issues a certificate
- the client accepts the trusted certificate
- then a second port is opened in the 40001 to 40100 range.
- and the session begins and the user is able to list directories
and transfer files.

When I try to make this work behind NAT, it breaks right at the point
where the client tries to get a directory listing.

When I do a traffic capture of a non-NAT session, I am seeing that
around packet 30 - 40, a SYN is sent to the client, then communication
starts in the port range 40001 to 40100. When I capture in a NATed
session, I never see that SYN.

Any help or suggestions would be appreciated.
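The data connection described above is negotiated by the server's passive-mode reply (a `227`/`229` line on the control channel). With FTPS that reply travels inside TLS, so a NAT device cannot read or rewrite it, and the client connects to whatever address and port the server advertised. The following is an added example, not code from the poster, that parses such a reply and checks the advertised endpoint against the agreed 40001 to 40100 range and against the address the client actually reached on port 990; the sample replies and the `203.0.113.10` server address are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Tuple

# Agreed passive data-port range, using the example numbers from the post.
AGREED_RANGE: Tuple[int, int] = (40001, 40100)

# RFC 1918 ranges plus loopback. A server that advertises one of these to an
# external client is leaking its internal address through the encrypted
# control channel, which NAT cannot rewrite.
_PRIVATE_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]

# RFC 959 PASV reply: 227 ... (h1,h2,h3,h4,p1,p2)   port = p1*256 + p2
_PASV_RE = re.compile(
    r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)
# RFC 2428 EPSV reply: 229 ... (|||port|)   host is the control-channel peer
_EPSV_RE = re.compile(r"^229\b.*?\(\|\|\|(\d{1,5})\|\)")


@dataclass(frozen=True)
class PassiveCheck:
    host: str            # address the client will open the data connection to
    port: int
    in_range: bool       # port lies inside the agreed range
    private_host: bool   # host is RFC 1918 / loopback
    host_mismatch: bool  # host differs from the control-connection peer

    @property
    def ok(self) -> bool:
        return self.in_range and not self.private_host and not self.host_mismatch


def parse_passive_reply(reply: str, control_host: str) -> Tuple[str, int]:
    """Return (host, port) advertised by a PASV or EPSV reply line."""
    m = _PASV_RE.match(reply)
    if m:
        h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
        return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
    m = _EPSV_RE.match(reply)
    if m:
        # EPSV never carries an address; the data connection reuses the
        # control peer, which is why it survives NAT far better than PASV.
        return control_host, int(m.group(1))
    raise ValueError(f"not a PASV/EPSV reply: {reply!r}")


def check_passive_reply(
    reply: str, control_host: str, port_range: Tuple[int, int] = AGREED_RANGE
) -> PassiveCheck:
    """Check an advertised data endpoint against the agreed range and the
    address the client actually reached on the control port."""
    host, port = parse_passive_reply(reply, control_host)
    addr = ipaddress.ip_address(host)
    lo, hi = port_range
    return PassiveCheck(
        host=host,
        port=port,
        in_range=lo <= port <= hi,
        private_host=any(addr in net for net in _PRIVATE_NETS),
        host_mismatch=(addr != ipaddress.ip_address(control_host)),
    )


if __name__ == "__main__":
    # Constructed sample replies as a client would log them after TLS decryption.
    server = "203.0.113.10"
    samples = [
        "227 Entering Passive Mode (203,0,113,10,156,65).",   # 40001, public, ok
        "227 Entering Passive Mode (192,168,1,5,156,100).",   # internal address leaked
        "227 Entering Passive Mode (203,0,113,10,156,165).",  # 40101, outside range
        "229 Entering Extended Passive Mode (|||40050|)",
    ]
    for line in samples:
        result = check_passive_reply(line, server)
        print(f"{line!r:55} -> {result}")
```

Because the reply is encrypted on the wire, feed this the control-channel lines as the client sees them (a client debug log or a decrypted capture), not raw packets. A `private_host` or `host_mismatch` result explains a client that never sends the data-connection SYN to the expected public address; an `in_range` failure points at the firewall rule for the agreed range instead.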