On 2012-11-28, Chris Smith <[email protected]> wrote: > Having some issues with a client system attempting to use a product called > MoveItFreely to connect to server via FTPS (FTP with TLS). The firewall is > running a snapshot from April, 3 2011 of version 4.9. > > I have added a pass rule for the additional (to port 21) requested ports of > 989, 990, and 50000:52000 but still having connection problems. Just > wondering if the ftp-proxy would be interfering this.
If the control connection is encrypted as with ftp+tls, then ftp-proxy *cannot* work, as it cannot read the commands. So, if this is with NAT, you can't rely on ftp-proxy to fix things up, you will need ftp+tls software where you can manually set the external address. > Also wonder why anyone in their right mind would use FTPS!? Because they can just hack it on top of their crusty old ftp server software, whereas using sftp would need much bigger changes?
