eton
Jan 28, 2013 (Luminary)
FTPS access over WAN?
Setting up a FTP connection over WAN to a ReadyNAS device can be very tricky. After some time I found a solution and posted it here. But I have noticed that it's possible to login over FTPS locally, ...
StephenB
Jan 30, 2013 (Guru - Experienced User)
eton wrote: ProFTPd debugging
http://www.proftpd.org/docs/howto/Debugging.html
TLS options
http://www.proftpd.org/docs/contrib/mod ... TLSOptions
Question: Using mod_tls, FTP sessions through my firewall now no longer work. What's going on?
Answer: The short answer is that FTPS and firewalls (and devices performing NAT) do not interact well. The control connection happens on a well-known port, and has no issues; it is the data connection that poses problems for FTP-aware firewalls. In a non-FTPS session, the firewall can inspect the FTP server's responses on the control connection to a client's PASV or PORT command, and thus know on which ports/addresses the data connection will be established. In an FTPS session, though, those control connection messages are encrypted (that is the point of using FTPS, right?), and so the FTP-aware firewall cannot peek. Hence, it cannot know on which ports the data connection will be established. For firewalls that are configured to always allow a certain range of ports (such as might be configured using the PassivePorts directive), FTPS should function without issue.
Of course if you are using NAT you need to configure the NAS to use passive ports, and forward the control port and the passive ports in your router. If your router's firewall is FTP aware, you are better off forwarding a non-standard port for the control connection. There are several how-to's posted here on setting up FTP.