Josh, Looks like you might be experiencing the "Double NAT Problem" with SSL.... Here's a response I sent several months ago regarding a similar problem for another WS_FTP Server user:
-----Original Message----- From: Pete Simpson Sent: Monday, August 25, 2003 8:41 AM To: '[EMAIL PROTECTED]' Subject: RE: [WS_FTP Forum] Double nat problems Yes, but you may not like it very much. 1.) If using WS_FTP Server 4.01 set the options in "Firewall" to use your external IP address. Likely is that a PASV connection is attempted and the client is attempting to connect to your private address space, not your global address space. If that does not work... then here's the only fix I know: 2.) Put two NIC's in your WS_FTP Server. One NIC goes to your internal network. The other NIC goes to your external network and has your public address on it. Configure WS_FTP Server to use the external address, and set the port range from 1024-5000. Set your default gateway on the external interface to be whatever your external gateway is (border router?). DO NOT SET the default gateway on your internal NIC, instead use a persistent route statement for just your internal subnets. (E.G., if your internal address space is all in the 192.168.x.x range, you'd add (from and command prompt) ROUTE -p ADD 192.168.0.0 255.255.0.0 <gateway_ip address>. Finally, implement Access Lists on your external router to throw away inbound traffic destined for the external interface of the FTP server. You'll want to allow TCP & UDP ports 20,21 and the range from 1024-5000. Throw everything else away. good luck. Pete -----Original Message----- From: Seth Berger Sent: Monday, August 25, 2003 8:31 AM To: [EMAIL PROTECTED] Subject: [WS_FTP Forum] Double nat problems I am running my ftp server internal, with an internal address of 192.168.x.x, and my external (internet) address 206.245.157.x. I have a client that is trying to connect via the internet to my internal server, and they are running an internal address through a Checkpoint FW, and can't get data connection. We are using SSL with a Verisign certificate. I tried from my house over DSL, and through a linksys router from my NAt'd internal address, and it worked fine. Anyone have any suggestions? Client V8 Server v4.01 Thanks Seth -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 8:42 AM To: [EMAIL PROTECTED] Subject: [WS_FTP Forum] WS_FTP Server - Newbie question (re: PASV) I just started trying to figure out how to use WS_FTP Server on my Windows XP machine which is behind a router on my network. My host IP address is 192.168.1.2 (which is the IP address of the machine which connects to my router). After setting up some user names I wanted to test it out. When I tried to connect with PASV on, it connects to the FTP server, but hangs on the "LIST" command. I turn PASV off and it connects completely. However, after connection...if I start to upload (or download) a large file from my machine, it hangs up after a few minutes. The reason it hangs up is because I have my FTP client set to multiple connections to the server and it is receiving a "NOOP" command. Then I tried to set my FTP client to connect with only 1 connection to the server and PASV turned off. I was able to upload 95MB of a 163MB file before it hung on me again. This time I'm not sure what the problem was, but I was not able to resume the upload (received an error). Does anyone know what I could be doing wrong or if I need additional setup. I even put the IP address of my router in the "Firewall" setting of WS_FTP Server, thinking that would help the PASV connection problem...but to no avail! BTW, how important is the host name of the FTP Server? I just put in a random name since I wasn't sure what to put there (in the help it said something about the DNS name server). FYI, I have a Linsys 4-port router on a RoadRunner Cable Modem connection. Thanks for all and any help! Josh http://www.realmed.com/legal/confidential.htm Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/wsftp_forum%40list.ipswitch.com/
