Hello,
I’m just curios, does Mikrotik ftp nat helper working when enryption is used and FTP configured to work in passv mode ?
At this moment i can reach server only when passv ports are dst-nated to host under ip>firewal>nat settings
BR,
Dmitris
How could it? It works by examining packets of control connection, reading commands and responses, changing addresses and ports in them, using that info to recognize data connections. If control connection is enrypted, it can’t do any of that.
Thank you Sob!
It’s all what i want to know…
btw,
Juniper devices have ftps-extension alg which does work with such type of traffic and this is why i was so curious about mikrotik ftp helper.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB19444
No, linked page is about something else. It says that previously, encrypted connections were blocked, because the helper was apparently too nosy and didn’t like AUTH command. Now it doesn’t do that. And it seems to be meant only for client use, because it says that only passive connections work (they are simple outgoing connections, no special treatment is necessary for them). But active ones (where server connects to client) still don’t. And can’t because for that it would have to be possible to read control connection.