On 5 May 2016 4:54 p.m., "Gordon Messmer" <gordon.messmer at gmail.com> wrote: > > On 05/05/2016 06:15 AM, Marcin Trendota wrote: >> >> Also this IP looks weird - shouldn't it be public IP? > > > > Yes, it should. Are you using FTPS (FTP with TLS)? > > You probably need to set the pasv_address option. > > > Although of course FTPS (FTP over SSL) breaks the snooping required for the related conntracking which makes firewall configuration hell. Do yourself a favour and drop FTP, switching over to SFTP instead as that's far easier to secure and you only have to care about the single TCP port for firewalls.