|
Posted by darkog on May 7, 2008, 8:08 am
If you were Registered and logged in, you could reply and use other advanced thread options
Hello, I am having trouble getting FTPS to work behind a NAT and
chained firewalls.
It's setup to use port 990 and a predetermined ranged in the >1024, i
will used 40001 to 40100 as an example here, that has been agreed
between us and the other company.
At the firewall console, I am not seeing any drops indicating that
there is any automatic FTP bounce prevention active.
The sessions works as follows.
- the client initiates a connection on port 990 and a random port in
the > 1024 range.
- the server issues a certificate
- the client accepts the trusted certficate
- then a second port is opened in the 40001 to 40100 range. .
- and the session begins and user is able to list directory listings
and transfer files.
When I try to make this work behind NAT, it breaks right at the point
where the client tried to get a directory listing.
When I do a traffic capture of a non-NAT session, i am seeing that
around packet 30 - 40, a SYN is sent to client , then communication
starts in the port range 40001 to 40100. When I capture in a NATed
session, I never see the that SYN.
Any help or suggestions would be appreciated.
| 
XML site map