On 03/01/11 6:10 PM, Markus Falb wrote: >> and, worse, since the control channel is encrypted, this can't be done >> > via a port monitor that sniffs and modifies 'port' commands, so this >> > causes problems at BOTH ends of a NAT > Could it be that the iptables ftp conntrack and nat modules does not > work with ftps because of this ? exactly.