Ftp – PURE-ftpd + passive mode + TLS


I have Linux (Debian 7.1 wheezy), where I run pure-ftpd, and I created virtual users and a folder for FTP. I also installed openssl and created a private certificate for TLS. All seems good.

  • When a user connects from an internal address in passive mode without TLS – it's working fine.
  • When a user connects from an internal address in passive mode with TLS – it's working fine.
  • When a user connects from an external address in passive mode without TLS – it's working fine.
  • When a user connects from an external address in passive mode with TLS – FTP doesn't work, because the FTP server returns a local IP address to the external client, and the client doesn't know this address.

I also tried to solve this problem by creating the conf file /etc/pure-ftpd/conf/ForcePassiveIP, in which the external address is written. When a user connects from an external address, he gets the external address, which is fine, but afterwards he gets another connection error. And I think this is not good, because users from the internal network will not be able to connect to FTP, because they will get the external address from the ForcePassiveIP conf file.

Maybe I can make two FTPS servers with different settings, but I think it's not optimal.

Best Answer

$ echo '30000 50000' > /etc/pure-ftpd/conf/PassivePortRange
$ service pure-ftpd restart

Also, if you use CSF or iptables, you need to open all ports from 30000 to 50000.