Hello,
I set up a virtual machine (configured with NAT virtual networking) running vsftpd on Linux as an FTP server. This FTP server is SSL enabled with both control and data connections requiring SSL. Active FTP is disabled; only passive FTP is enabled.
I configured the file /etc/vmware/vmnet8/nat/nat.conf to have port 21/tcp on the host forwarded to port 21/tcp on the guest. I also defined forwardings for the passive ports.
From the host, I can successfully ftps the guest IP address on port 21/tcp. I use lftp as the FTP client and all works as expected.
Now, if I try to ftps the host IP address on port 21/tcp, then it does not work. Debugging FTP information on both client and server sides gives the following.
On the client side:
$ lftp -p 21 -u bob XXX.XXX.XXX.XXX
Password:
lftp bob@XXX.XXX.XXX.XXX:~> debug
lftp bob@XXX.XXX.XXX.XXX:~> ls
-
Connecting to XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX) port 21
<--- 220 FTP server ready.
---> FEAT
<--- 211-Features:
<--- AUTH SSL
<--- AUTH TLS
<--- EPSV
<--- MDTM
<--- PASV
<--- PBSZ
<--- PROT
<--- REST STREAM
<--- SIZE
<--- TVFS
<--- UTF8
<--- 211 End
---> AUTH TLS
<--- 234 Proceed with negotiation.
---> OPTS UTF8 ON
`ls' at 0 [Logging in...]
On the server side:
Thu Jan 15 11:31:49 2009 CONNECT: Client "XXX.XXX.XXX.XXX"
Thu Jan 15 11:31:49 2009 FTP response: Client "XXX.XXX.XXX.XXX", "220 FTP server ready."
Thu Jan 15 11:31:49 2009 FTP command: Client "XXX.XXX.XXX.XXX", "FEAT"
Thu Jan 15 11:31:49 2009 FTP response: Client "XXX.XXX.XXX.XXX", "211-Features:"
Thu Jan 15 11:31:49 2009 FTP response: Client "XXX.XXX.XXX.XXX", " AUTH SSL??"
Thu Jan 15 11:31:49 2009 FTP response: Client "XXX.XXX.XXX.XXX", " AUTH TLS??"
Thu Jan 15 11:31:49 2009 FTP response: Client "XXX.XXX.XXX.XXX", " EPSV??"
Thu Jan 15 11:31:49 2009 FTP response: Client "XXX.XXX.XXX.XXX", " MDTM??"
Thu Jan 15 11:31:49 2009 FTP response: Client "XXX.XXX.XXX.XXX", " PASV??"
Thu Jan 15 11:31:49 2009 FTP response: Client "XXX.XXX.XXX.XXX", " PBSZ??"
Thu Jan 15 11:31:49 2009 FTP response: Client "XXX.XXX.XXX.XXX", " PROT??"
Thu Jan 15 11:31:49 2009 FTP response: Client "XXX.XXX.XXX.XXX", " REST STREAM??"
Thu Jan 15 11:31:49 2009 FTP response: Client "XXX.XXX.XXX.XXX", " SIZE??"
Thu Jan 15 11:31:49 2009 FTP response: Client "XXX.XXX.XXX.XXX", " TVFS??"
Thu Jan 15 11:31:49 2009 FTP response: Client "XXX.XXX.XXX.XXX", " UTF8??"
Thu Jan 15 11:31:49 2009 FTP response: Client "XXX.XXX.XXX.XXX", "211 End"
Thu Jan 15 11:31:49 2009 FTP command: Client "XXX.XXX.XXX.XXX", "AUTH TLS"
Thu Jan 15 11:31:49 2009 FTP response: Client "XXX.XXX.XXX.XXX", "234 Proceed with negotiation."
It is as if the TLS negotiation could not be made... The FTP server never receives the command "OPTS UTF8 ON" sent by the FTP client.
I tried a lot of things but I am stuck with this. Does anybody know what may be happening here?
Thanks.
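
An added example, not part of the original post: a small Python check that scans a server log in the format quoted above and reports sessions that end at the `234` reply to `AUTH TLS`/`AUTH SSL`, which is the symptom described. The function name, the constructed sample log and its 192.0.2.x addresses are assumptions for illustration, as is the assumption that the server logs commands received after a successful handshake.

```python
import re

# Line format as shown in the post, e.g.
#   Thu Jan 15 11:31:49 2009 FTP command: Client "192.0.2.10", "AUTH TLS"
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) '
    r'(?P<kind>CONNECT|FTP command|FTP response): '
    r'Client "(?P<client>[^"]*)"(?:, "(?P<text>.*)")?$')

# Constructed sample: 192.0.2.10 stalls after 234, 192.0.2.20 continues.
SAMPLE_LOG = '''\
Thu Jan 15 11:31:49 2009 CONNECT: Client "192.0.2.10"
Thu Jan 15 11:31:49 2009 FTP response: Client "192.0.2.10", "220 FTP server ready."
Thu Jan 15 11:31:49 2009 FTP command: Client "192.0.2.10", "AUTH TLS"
Thu Jan 15 11:31:49 2009 FTP response: Client "192.0.2.10", "234 Proceed with negotiation."
Thu Jan 15 11:32:10 2009 CONNECT: Client "192.0.2.20"
Thu Jan 15 11:32:10 2009 FTP response: Client "192.0.2.20", "220 FTP server ready."
Thu Jan 15 11:32:10 2009 FTP command: Client "192.0.2.20", "AUTH TLS"
Thu Jan 15 11:32:10 2009 FTP response: Client "192.0.2.20", "234 Proceed with negotiation."
Thu Jan 15 11:32:11 2009 FTP command: Client "192.0.2.20", "PBSZ 0"
Thu Jan 15 11:32:11 2009 FTP response: Client "192.0.2.20", "200 PBSZ set to 0."
'''

def find_stalled_tls(lines):
    """Return [(client, connect_time)] for sessions whose last event is the
    234 reply to AUTH TLS/SSL, i.e. no command arrived after the handshake."""
    sessions, current = [], {}   # current: client address -> open session
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        client, kind, text = m["client"], m["kind"], m["text"] or ""
        if kind == "CONNECT":
            # Assumption: no session id in this format, so group by address.
            current[client] = {"client": client, "start": m["ts"],
                               "auth": False, "stalled": False}
            sessions.append(current[client])
        elif client in current:
            s = current[client]
            if kind == "FTP command":
                s["auth"] = text.upper().startswith(("AUTH TLS", "AUTH SSL"))
                s["stalled"] = False          # any later command clears the flag
            elif s["auth"] and text.startswith("234"):
                s["stalled"] = True
    return [(s["client"], s["start"]) for s in sessions if s["stalled"]]

if __name__ == "__main__":
    for client, start in find_stalled_tls(SAMPLE_LOG.splitlines()):
        print(f"{client}: session from {start} has nothing after 234")
```

A reported session shows where the control connection stopped, not why; comparing the direct-to-guest and via-host attempts in the same log separates the two paths.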