Try looking into a reverse proxy (Squid) that supports SSL. This way your clients would FTPS to the proxy box, which would in turn connect to the FTPS server behind the firewall.

Grant. . . .

Derick Anderson wrote:
> By default FTPS (FTP over SSL, not to be confused with FTP/SSH or SFTP)
> runs on port 990. It also sounds like you're using passive mode - if so
> you may need to open those ports as well. It would make sense to me
> (although I don't know) that conntrack_ftp could only track unsecured
> FTP sessions since the only indication of a port change is in the packet
> data (which would be encrypted). Someone may know better than I, though.
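
The point in the quoted message about connection tracking and encrypted sessions, as an added example that is not part of the original thread: a simplified Python stand-in (not the kernel's conntrack_ftp code) for how an FTP helper learns the data port from the control channel, and what it sees once that channel is TLS. The function names, the 192.0.2.x addresses and the sample payloads are assumptions constructed for illustration.

```python
import re

# Six comma-separated numbers: h1,h2,h3,h4,p1,p2 (port = p1 * 256 + p2).
TUPLE = rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PASV_RE = re.compile(rb"^227 [^\r\n]*?\(" + TUPLE + rb"\)", re.M)  # server reply
PORT_RE = re.compile(rb"^PORT " + TUPLE + rb"\s*$", re.M)          # client command

def data_endpoint(payload: bytes):
    """Return (ip, port) announced in a control-channel payload, or None."""
    m = PASV_RE.search(payload) or PORT_RE.search(payload)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed announcement, ignore it
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def looks_like_tls_record(payload: bytes) -> bool:
    """True if the payload starts with a TLS record header (type 20-23, version 3.x)."""
    return len(payload) >= 5 and 20 <= payload[0] <= 23 and payload[1] == 3

def classify(payload: bytes) -> str:
    """Describe what a plaintext-inspecting helper can conclude from one payload."""
    ep = data_endpoint(payload)
    if ep:
        return f"expect data connection to {ep[0]}:{ep[1]}"
    if looks_like_tls_record(payload):
        return "encrypted control channel: data port not visible"
    return "no data-port announcement"

# Constructed samples (not captured traffic).
PLAIN_PASV = b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n"
PLAIN_PORT = b"PORT 192,0,2,20,195,81\r\n"
# TLS application-data record: 5-byte header plus 48 bytes of stand-in ciphertext.
TLS_RECORD = bytes([0x17, 0x03, 0x03, 0x00, 0x30]) + bytes(
    (i * 37 + 11) % 256 for i in range(48)
)

if __name__ == "__main__":
    for name, sample in [("plain PASV", PLAIN_PASV),
                         ("plain PORT", PLAIN_PORT),
                         ("FTPS record", TLS_RECORD)]:
        print(f"{name}: {classify(sample)}")
```

With no announcement to read, the firewall cannot open the data port dynamically, which is why the passive ports have to be opened explicitly as the quoted message suggests.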