FTP with TLS/SSL on Ubuntu Linux with ProFTP behind a NAT router
If you are a Linux user who has never set up ProFTP behind a NAT router, clients connecting with an application such as FileZilla may get the following error.
FileZilla error log:
Status: Server sent passive reply with unroutable address. Using server address instead.
Error: GnuTLS error -53: Error in the push function.
This occurs if the FTP server is behind a NAT. The username and password are sent without problems, but as soon as the client tries to enter a directory it gets the error above.
The error occurs in FTP passive mode, where the FTP server needs extra ports to be forwarded. Passive mode means that the client opens two connections to the server (a command connection and a data connection). Port 21 is used for commands and authentication, and other ports are used to transfer the actual data.
In active mode, the server opens a connection to a port on the client, but the client usually cannot be reached from the outside because a firewall covers it, which is why active mode is not used. Now back to MLSD: the server does not know that it is behind a router, so it may tell the client to connect to a port on its private IP.
To overcome this, we need to tell ProFTP that it is behind a router, so that it sends the client the public IP address. ProFTP also needs a defined range of passive ports, and those ports must be forwarded from the router.
In the following example I will use:
192.168.1.100 - private IP for the box that's running ProFTP
126.96.36.199 - public IP (external router IP)
52500 - 52510 - range of forwarded ports
1. Edit /etc/proftpd/proftpd.conf and modify the lines like this:
PassivePorts 52500 52510
MasqueradeAddress 188.8.131.52
Restart ProFTPd after that.
2. Forward 52500-52510 range (TCP) to 192.168.1.100 on your router.
Remember to replace the port range, private IP and public IP with your own data. Check the ProFTP log in case of problems: /var/log/proftpd/tls.log.