Server Behind AZTCO-FW

FTPS, or encrypted FTP, is not affected. The proxy could not have affected its traffic before.

A server behind AZTCO-FW works fine in active mode; nothing changes here. In active mode the server makes outbound connections back to the client, so as long as the firewall rules on the interface containing the server allow outbound connections, it will work.

A server behind AZTCO-FW running in passive mode will function, but requires a few items to be configured:

  1. Port forwards or 1:1 NAT must forward not only port 21, but also the passive port range, in to the server.
  2. The passive port range must be configured on the server, corresponding to the range of ports forwarded in the previous step.
  3. The server may also need to be configured to account for NAT. Some clients will ignore private addresses in passive responses, so this may not be necessary.

Sample Configuration for vsftpd

In vsftpd.conf:

# Do not allow the client to use PORT
port_enable=NO
# Use the hostname in the PASV response (DNS must be set up and match!)
pasv_addr_resolve=YES
# Enable Passive Mode
pasv_enable=YES
# Set the passive port range (1000 ports)
pasv_min_port=20000
pasv_max_port=20999
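
The three passive-mode items above can be verified from the client side by inspecting the server's 227 reply: the advertised address must not be a private one and the advertised port must fall inside the forwarded range. The following Python check is an added example, not part of the original page; the function names, the sample replies and the 203.0.113.10 address are constructed for illustration, and the port forward is assumed to cover the same range as vsftpd.conf.

```python
import ipaddress
import re

# 227 reply format from RFC 959: (h1,h2,h3,h4,p1,p2), port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# "Private addresses" is taken here to mean RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_vsftpd_range(conf_text):
    """Return (pasv_min_port, pasv_max_port) from vsftpd.conf text."""
    opts = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks and comments
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return int(opts["pasv_min_port"]), int(opts["pasv_max_port"])


def check_pasv_reply(reply, forwarded_range):
    """Return a list of problems in one 227 reply (empty list means OK)."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return ["not a 227 passive reply"]
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return ["field out of range in 227 reply"]
    addr = ipaddress.ip_address(".".join(map(str, nums[:4])))
    port = nums[4] * 256 + nums[5]
    problems = []
    if any(addr in net for net in RFC1918):
        problems.append(f"server advertises private address {addr}")
    lo, hi = forwarded_range
    if not lo <= port <= hi:
        problems.append(f"port {port} outside forwarded range {lo}-{hi}")
    return problems


# Constructed sample input (not captured from a real server).
SAMPLE_CONF = "pasv_enable=YES\npasv_min_port=20000\npasv_max_port=20999\n"
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (203,0,113,10,78,32).",   # public, port 20000
    "227 Entering Passive Mode (192,168,1,5,78,32).",    # NAT not accounted for
    "227 Entering Passive Mode (203,0,113,10,195,80).",  # port 50000, not forwarded
]

if __name__ == "__main__":
    forwarded = parse_vsftpd_range(SAMPLE_CONF)
    for reply in SAMPLE_REPLIES:
        print(reply, "->", check_pasv_reply(reply, forwarded) or "OK")
```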