Failure to establish TLS connection behind NAT gateway
|Reported by:||peter_daum||Owned by:||Alexander Schuch|
|Keywords:||Cc:||peter_daum, Alexander Schuch, easiconseil, mortemorte|
|Component version:||Operating system type:|
|Operating system version:|
FileZilla (2.2.12c) can't establish a TLS connection to
server (possibly other servers, too?) when it (the
is sitting behind a NAT gateway.
The problem already arises during the TLS connection
(so this is _not_ a "classical" firewall issue with
tracking the data connections!).
The conversation looks like this:
- Client connects to server
- Server responds with ready
- Client sends "AUTH TLS"
- Server responds with OK
- Client sends some (scrambled) request
- Server responds with (scrambled) response (obviously OK,
since there is no indication of any failure in the log)
- Both parties wait for something that doesn't happen
- ... eventually, FileZilla times out and starts all
The connection does not get to the point where the TLS
for the control channel is successfully established
(this would show up in the log files).
When the FileZilla client has a "real" IP address, it
can cooperate with the same server. Other clients (I tested "lftp") have
no problem establishing the TLS connection through the NAT gateway.
Attached is a packet dump of the network traffic (which, due to the
encryption, is not really enlightening).
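
A stage-by-stage probe of the exchange listed in the report, added here as an example (it is not part of the original ticket and is not FileZilla code): it walks greeting, `AUTH TLS` and the TLS handshake on the control channel with a timeout and names the stage that stopped. `read_reply`, `probe_auth_tls` and `stalling_server` are hypothetical names, and the stalling peer is a constructed stand-in for a path on which the handshake never completes.

```python
import socket
import ssl
import threading

def read_reply(sock):
    """Read one (possibly multi-line) FTP reply and return its 3-digit code."""
    buf = b""
    while True:
        chunk = sock.recv(512)
        if not chunk:
            raise ConnectionError("peer closed the control connection")
        buf += chunk
        for line in buf.split(b"\r\n")[:-1]:  # complete lines only
            if line[:3].isdigit() and line[3:4] == b" ":
                return line[:3].decode()

def probe_auth_tls(host, port, timeout=2.0):
    """Return 'ok: <version>' or '<stage>: <reason>' for the stage that failed."""
    stage = "connect"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            stage = "greeting"
            if read_reply(sock) != "220":
                return "greeting: unexpected reply"
            stage = "auth_tls"
            sock.sendall(b"AUTH TLS\r\n")
            code = read_reply(sock)
            if code != "234":
                return "auth_tls: refused (" + code + ")"
            stage = "tls_handshake"  # the step that never completes in the report
            ctx = ssl.create_default_context()  # certificate checks stay on
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "ok: " + tls.version()
    except socket.timeout:
        return stage + ": timeout"
    except OSError as exc:  # includes ssl.SSLError and connection errors
        return stage + ": " + type(exc).__name__

def stalling_server(auth_reply=b"234 AUTH TLS OK\r\n", hold=3.0):
    """Constructed local peer: sends 220 and auth_reply, then stays silent."""
    srv = socket.create_server(("127.0.0.1", 0))
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(b"220 ready\r\n")
            conn.recv(512)  # the client's AUTH TLS line
            conn.sendall(auth_reply)
            threading.Event().wait(hold)  # ClientHello is never answered
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]
```

Running the probe once from behind the NAT gateway and once from a host with a public address, against the same server, shows whether both paths stop at the same stage.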