Configuring ProFTPD

First configure your ProFTPD install so that it works right from inside the NAT. There are example configuration files included with the source.

Then add the directive "MasqueradeAddress" in your etc/proftpd.conf file to define the public name or IP address of the NAT:

MasqueradeAddress	ftp.mydomain.com
	-or-
MasqueradeAddress	123.45.67.89

Now your ProFTPD will hide it's local address and instead use the public address of your NAT.

However, one BIG problem exists.

The passive FTP connections will use ports from 1024 and up, which means that you must forward all ports 1024-65535 from the NAT to the FTP server! And you have to allow lots of (possibly) dangerous ports in your firewalling rules!

Have no fear, simply use the PassivePorts directive in your etc/proftpd.conf to control what ports ProFTPD uses:

PassivePorts 60000 65535	# These ports should be safe...

Now start the FTP daemon and you should see something like

123.45.67.89 - Masquerading as '123.45.67.89' (123.45.67.89)