You are right i'm quite frustrated
And you are right i didn't do my job by verifying with the demo CD if every features useful for me were in the product i was evaluating.
I feel quite bad about myself on this point...but i still think you are facing an "entreprise" feature problem which should be in an "entreprise" solution.
Concerning the SFTP (maybe we should open a new thread from here...), i'm actually running NAS-XSR Entreprise version 3.08.XE00000000.2145 and have the firewall problem i speak of, maybe it is already corrected in an update, but i haven't seen anything about this in the updates changelog.
The FTP problem is a complex problem (I have already spent many hours studying SFTP with NAT to solve this issue), you are saying that i must open ports 1024 to 65536 on my firewall for the FTP server to answer which is completely crazy for a network administrator. (I'm sure you will agree)
BUT there is also another problem, the NAS FTP server sends its own internal IP address, so the client still cannot connect throught the worldwideweb.
I had a very interesting talk by email with "Bruce" from your mail support team in November (See issue RefID#10004112) and he agree with me about this.
I also ask him about putting the following configuration parameters in your proftpd.conf :
Which will allow the FTP server to send his external IP address instead of the intenal one like it is done actually, it also allow the NAS admin to define on which port the FTP server will answer to the clients, such allowing the network admin to open only a few and dedicated ports.Code:MasqueradeAddress ftp.mydomain.com PassivePorts 65530 65535
I'm not an FTP expert so tell me if i am wrong.
PS : I'm sure you will find my contact information in my profile on this forum or in the support RefID provided above.
Thanks for your help.
#################################################
You will find below explanation i give by email to your mail support team to explain my understanding of the SFTP problem :
Code:Case 1 : Client is in passive mode ---------------------------------------------------- The client connect and then, receive the following message : [17:03:30] Command: PASV [17:03:30] Response: 227 Entering Passive Mode (192,168,1,10,136,254). [17:03:30] Command: LIST [17:03:51] Error: Transfer channel can't be opened. We can see here that the NAS server sends its internal IP address and some random TCP port for the client to connect to, but the IP is an internal IP and the TCP port are so random that i can't open them on the firewall. I guess it would work if i could modify the following proftp server variables : MasqueradeAddress ftp.mydomain.com PassivePorts 60000 65535 Then i could open the 60000-65535 TCP ports onto my firewall, to allow passive communication with the client. Case 2 : Client is in active mode -------------------------------------------------- The client connect and then, receive the following message : [17:04:23] Status: Connected [17:04:23] Status: Retrieving directory listing... [17:04:23] Command: PWD [17:04:23] Response: 257 "/" is current directory. [17:04:23] Command: TYPE A [17:04:23] Response: 200 Type set to A [17:04:23] Command: PORT 192,168,2,126,16,46 [17:04:23] Response: 500 Illegal PORT command [17:04:23] Error: Could not retrieve directory listing Here, the message "Illegal PORT command" tells the client to activate "passive mode", and i'm back in case 1. Documentations used : ------------------------------------- * http://slacksite.com/other/ftp.html * http://www.castaglia.org/proftpd/doc...HOWTO-NAT.html * http://www.castaglia.org/proftpd/doc...HOWTO-TLS.html * http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html * http://support.ipswitch.com/kb/WS-19980722-BK01.htm * http://support.ipswitch.com/kb/WS-20001228-DM04.htm
Reply With Quote
