Fastream Secure FTP Setup

I've had Fastreams FTP server running for years on a server behind a firewall.  I now need to setup a secure FTP host as well.  The port 990 is open.  I created a new ftp to listen to port 990 in the program.  I am able to connect to the new FTP server and authenticate with FileZilla from a remote location.  The problem begins when I try to get a directory listing.  In the FTPS I see:

Response:      227 Entering Passive Mode (10,192,1,23,39,16). --10.192.1.23 being the internal IP address of the server.
Status:      Server sent passive reply with unroutable address. Using server address instead.
Command:      LIST
Response:      150 Opening data connection for folder list.
Error:      Connection timed out
Error:      Failed to retrieve directory listing


When I log into the working FTP I see something like this:

Response:      227 Entering Passive Mode (xx,xx,xx,xx,12,104).-- Where xx.xx.xx.xx is the external IP address
Command:      LIST
Response:      150 Opening data connection for folder list.
Response:      226 File sent ok
Status:      Directory listing successful

Any suggestions?  I am aware the Fastream only supports explicit and I have that selected in FileZilla.

On the firewall log it shows:  the port 990 is connecting fine but then it fails trying to go to port 10000

any ideas?
ekeeAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ekeeAuthor Commented:
It seems like the failure is in the way my network is set up?  Maybe the NAT?
dpk_walCommented:
If the client uses active mode instead of passive is the problem eliminated; if yes, then we need to set up NAT differently on WG.

Thank you.
ekeeAuthor Commented:
I eventually worked it out myself.  The solution required all of the following - Manual Passive Mode, turned on.  WAN IP selected and entered.  Passive port range set and we had to open the same ports on the WG.  It's a little clunky but it works.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dpk_walCommented:
Thank you for the update.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Server Software

From novice to tech pro — start learning today.