FTPS behind NAT and Firewall

Hello, I am having trouble getting FTPS to work behind a NAT and chained firewalls.

It's set up to use port 990 and a predetermined range above 1024 (I will use 40001 to 40100 as an example here) that has been agreed between us and the other company.

At the firewall console, I am not seeing any drops indicating that there is any automatic FTP bounce prevention active.

The session works as follows:

- the client initiates a connection on port 990 and a random port in the > 1024 range.

- the server issues a certificate

- the client accepts the trusted certificate

- then a second port is opened in the 40001 to 40100 range.

- and the session begins and the user is able to list directory listings and transfer files.

When I try to make this work behind NAT, it breaks right at the point where the client tries to get a directory listing.

When I do a traffic capture of a non-NAT session, I am seeing that around packet 30 - 40, a SYN is sent to the client, then communication starts in the port range 40001 to 40100. When I capture in a NATed session, I never see that SYN.

Any help or suggestions would be appreciated.

darkog