I have a question that seems to be answered by no one yet, altough I have seen many with the same problem.

The situation :

Internet -> Firewall -> Server -> NAT -> VM

I have an online hosted server, that has virtual machines running. I have forwarded the port 21 to the NAT in the server firewall configuration (iptables), and I have configured the NAT to forward the contents of port 21 to the correct virtual machine (in nat.conf).

I have managed to have active FTP connections. The problem is managing passive FTP connections.

To manage passive FTP connections I have opened a range of ports from 20000 to 20010, on my server and redirected them to the NAT.  Have configured the NAT to redirect the ports to the virtual machine. And I also have confgured my ProFTPd, to use those ports for passive FTP. I my FTP configuration I also have put my external address as MasqueradeAddress, so that passive FTP clients connect to the server external address, and not the internal NAT address.

The problem is : When a client sends a PASV command the server responds with an internal address (192.168.xxx.xxx) and incorrect ports. The MasqueradeAddress and the port configuration are not taken in consderation.

My question : Is it possible that the VMWare NAT is altering the ftp server response, replacing the external address and ports with its own ?