Non-passive IP address not forced for SSL/TLS connections
|Reported by:||dramatools||Owned by:|
|Keywords:||Cc:||dramatools, Tim Kosse|
|Component version:||Operating system type:|
|Operating system version:|
The IP address set in "Edit -> Settings -> Connection
-> Firewall Settings -> Use the following IP address
for non-passive transfers" is not relayed to the server
for SSL/TLS connections, making active connections
impossible through NAT firewalls. The remote system
attempts to open the data channel to the NAT host
(which is, of course, unreachable) instead.
Logfile attached. In the transcript, 10.10.1.1 is a
placeholder for the public server (it isn't NAT'ed).
172.20.2.61 is the client located by a NAT router.