FTPS - Não é possível abrir a conexão de dados pela WAN

Aqui está minha configuração,

• 1 Servidor FTP do Windows 2008 R2 Standard / w G6 instalado
• O G6 está configurado para usar somente conexões SSL explícitas (TCP: 990)
• 1 Firewall do WatchGaurd Firebox (entre servidor e rede interna)

Portanto, posso ligar sem problemas e listar diretórios no servidor FTPS quando me conecto ao servidor enquanto estou conectado à LAN (na verdade, RDP'd na caixa Win 2k8, você tem a idéia), mas quando Eu tento conectar-me remotamente ao site FTPS Eu não consigo listar o diretório home do usuário que eu configurei no servidor

13/05/29 20:00:48, 39, 98.208.xx.xx, , new connection from 98.208.xx.xx on 10.1.2.252:990 (Explicit SSL only)
13/05/29 20:00:48, 39, 98.208.xx.xx, , hostname resolved : c-98-208-xx-xx.hsd1.ca.comcast.net
13/05/29 20:00:48, 39, 98.208.xx.xx, , sending welcome message.
13/05/29 20:00:48, 39, 98.208.xx.xx, , 220 Gene6 FTP Server v3.10.0 (Build 2) ready...
13/05/29 20:00:48, 39, 98.208.xx.xx, , AUTH TLS
13/05/29 20:00:48, 39, 98.208.xx.xx, , 234 AUTH command ok; starting SSL connection.
13/05/29 20:00:48, 39, 98.208.xx.xx, , establishing encrypted session
13/05/29 20:00:48, 39, 98.208.xx.xx, , USER username
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 331 Password required for username.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PASS ****
13/05/29 20:00:48, 39, 98.208.xx.xx, username, logged in as "username".
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 230 User username logged in.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, SYST
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 215 UNIX Type: L8
13/05/29 20:00:48, 39, 98.208.xx.xx, username, FEAT
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 211-Extensions supported:
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  AUTH TLS
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  CCC
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  CLNT
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  CPSV
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  EPRT
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  EPSV
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  MDTM
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  MFCT
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  MFMT
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  MLST type*;size*;create;modify*;
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  MODE Z
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  PASV
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  PBSZ
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  PROT
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  REST STREAM
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  SIZE
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  SSCN
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  TVFS
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  UTF8
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  XCRC "filename" SP EP
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  XMD5 "filename" SP EP
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  XSHA1 "filename" SP EP
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 211 End.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, CLNT FileZilla
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 Noted.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, OPTS UTF8 ON
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 UTF8 OPTS ON
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PBSZ 0
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 PBSZ=0
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PROT P
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 PROT command successful.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PWD
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 257 "/" is current directory.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, TYPE I
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 Type set to I.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PORT 98,208,65,76,34,82
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 Port command successful.
13/05/29 20:00:49, 39, 98.208.xx.xx, username, MLSD
13/05/29 20:01:01, 38, 98.208.xx.xx, username, 425 Cannot open data connection.
13/05/29 20:01:01, 38, 98.208.xx.xx, username, disconnected. (00d00:00:22)
13/05/29 20:01:10, 39, 98.208.xx.xx, username, 425 Cannot open data connection.
13/05/29 20:01:10, 39, 98.208.xx.xx, username, disconnected. (00d00:00:22)

Agora, estou ciente de que o FTP exige que uma porta DATA (TCP / 20) e SESSION (TCP / 21) seja aberta, mas considerando que não estou usando a porta 21 - como determinar qual porta de dados eu sou? usando considerando estou usando a porta 990 sobre SSL (FTPS)?

Eu abri a porta 20, a porta 21 e a porta 990 como um teste no firewall da Internet e no firewall do Windows, mas ainda não consigo obter uma listagem de diretórios quando me conecto pela Internet. Eu tentei conectar usando os métodos ACTV e PASV no Filezilla e ainda não há dados. Lembro-me de que, no passado, esse tipo de problema geralmente se deve a conexões ativas e passivas, mas os detalhes estão obscuros em minha mente. E se tudo isso foi devido a ativo ou passivo, por que eu seria capaz de obter uma listagem de diretórios quando eu me conecto do lado da rede da rede?

As permissões na pasta que está sendo compartilhada com este usuário têm permissões permanentes concedidas a todos apenas para eliminar isso como sendo o problema por trás do motivo pelo qual eu posso obter uma listagem de diretórios.

Então, minha pergunta é: o que exatamente está acontecendo aqui? Por que não consigo obter uma conexão de dados através da WAN, mas posso via LAN? Isso é de alguma forma devido ao SSL explícito? Questão ativa / passiva?

Aqui está a saída do log de uma sessão FTPS local bem-sucedida

13/05/29 20:16:32, 40, 10.1.2.252, , new connection from 10.1.2.252 on 10.1.2.252:990 (Explicit SSL only)
13/05/29 20:16:32, 40, 10.1.2.252, , hostname resolved : IMSSERVER.alpine.local
13/05/29 20:16:32, 40, 10.1.2.252, , sending welcome message.
13/05/29 20:16:32, 40, 10.1.2.252, , 220 Gene6 FTP Server v3.10.0 (Build 2) ready...
13/05/29 20:16:32, 40, 10.1.2.252, , AUTH TLS
13/05/29 20:16:32, 40, 10.1.2.252, , 234 AUTH command ok; starting SSL connection.
13/05/29 20:16:32, 40, 10.1.2.252, , establishing encrypted session
13/05/29 20:16:32, 40, 10.1.2.252, , USER username
13/05/29 20:16:32, 40, 10.1.2.252, username, 331 Password required for username.
13/05/29 20:16:32, 40, 10.1.2.252, username, PASS ****
13/05/29 20:16:32, 40, 10.1.2.252, username, logged in as "username".
13/05/29 20:16:32, 40, 10.1.2.252, username, 230 User username logged in.
13/05/29 20:16:32, 40, 10.1.2.252, username, CLNT FileZilla
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 Noted.
13/05/29 20:16:32, 40, 10.1.2.252, username, OPTS UTF8 ON
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 UTF8 OPTS ON
13/05/29 20:16:32, 40, 10.1.2.252, username, PBSZ 0
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 PBSZ=0
13/05/29 20:16:32, 40, 10.1.2.252, username, PROT P
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 PROT command successful.
13/05/29 20:16:32, 40, 10.1.2.252, username, PWD
13/05/29 20:16:32, 40, 10.1.2.252, username, 257 "/" is current directory.
13/05/29 20:16:32, 40, 10.1.2.252, username, TYPE I
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 Type set to I.
13/05/29 20:16:32, 40, 10.1.2.252, username, PORT 10,1,2,252,220,229
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 Port command successful.
13/05/29 20:16:32, 40, 10.1.2.252, username, MLSD
13/05/29 20:16:32, 40, 10.1.2.252, username, 150 Opening data connection for directory list.
13/05/29 20:16:32, 40, 10.1.2.252, username, establishing encrypted session
13/05/29 20:16:32, 40, 10.1.2.252, username, 226 Transfer ok.