NAT and FTPS problem

  • Hi everybody.

    I am encountering some problems with FTPS (secured FTP) and my 2 pfSense appliances (CARP and failover configured in 2.0-RC1).

    My FTP server is in the DMZ (with a 10.151.X.X address) and I have published my FTP server in the NAT rules.
    I have redirected ports 20, 21, 989 and 990 to my FTP server (all incoming traffic to my CARP public address with well-known destination ports will be redirected to

    Simple FTP works like a charm on my public address, but when I try to connect with SSL/TLS encryption, I get an error (425: can't open data connection).
    The FileZilla client can download the certificate and connect, but I get stuck when I parse the remote directory…

    I have set up Wireshark to find the problem.

    In fact, when I connect to my public address, I can download and connect to my FTP server with SSL/TLS through NAT...
    But once my certificate is installed, FileZilla wants to connect to my private IP address (which is unknown on public networks...)

    I think that I must configure my pfSense appliances to deliver the certificate instead of my FTP server.

    Does anyone have the same problem?

    I have attached a Visio diagram showing my IT infrastructure:

    Sorry for mistakes (I'm a French engineer)
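An added illustration of the symptom described above (not code from the post or from pfSense): the server's `227 Entering Passive Mode` reply carries the DMZ address inside the TLS-protected control channel, so a NAT box cannot rewrite it and the client is told to dial a private address. The snippet parses such a reply and applies the client-side workaround of substituting the control connection's public peer address when the advertised one is private; the 10.151.20.5 and 93.184.216.34 values are constructed examples, not addresses from the post.

```python
import ipaddress
import re

# Constructed sample of the reply an FTP server sends on the control channel
# after PASV (RFC 959 h1,h2,h3,h4,p1,p2 format). Under FTPS this text is
# encrypted, so the firewall's FTP helper cannot see or rewrite the address.
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (10,151,20,5,19,137)\r\n"

# Constructed stand-in for the public CARP address the client connected to.
CONTROL_PEER = "93.184.216.34"

_PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply: str) -> tuple[str, int]:
    """Return the (host, port) advertised in a 227 PASV reply."""
    m = _PASV_RE.search(reply)
    if not m:
        raise ValueError(f"not a PASV reply: {reply!r}")
    a, b, c, d, p1, p2 = (int(x) for x in m.groups())
    return f"{a}.{b}.{c}.{d}", p1 * 256 + p2


def data_endpoint(reply: str, control_peer: str) -> tuple[str, int, bool]:
    """Decide where the data connection should go.

    If the server advertises a private (RFC 1918 or similar) address that
    differs from the address the control connection went to, the reply was
    not rewritten by NAT (the FTPS case from the post). Fall back to the
    control peer's address and keep the advertised port. The third value
    reports whether the substitution was made.
    """
    host, port = parse_pasv(reply)
    advertised = ipaddress.ip_address(host)
    if advertised.is_private and host != control_peer:
        return control_peer, port, True
    return host, port, False


if __name__ == "__main__":
    host, port, fixed = data_endpoint(SAMPLE_PASV_REPLY, CONTROL_PEER)
    print(f"data connection -> {host}:{port} (address substituted: {fixed})")
```

On the server side the equivalent fix is to make the FTP daemon advertise the public address in its PASV replies, since the firewall cannot do it for an encrypted control channel.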
