The File Transfer Protocol (FTP) has a PORT command by which
a client sends its address back to the server. The server
then connects to the client at that address to send the file
data. If the client looks up its own internal address and
sends this to the server, the connection will fail. In this
specific case, there are two solutions to the problem. First,
configure the client to send its public IP address.
Second, the client can use "passive FTP"
which makes connections only to the server, rather than from
the server to the client. In general, applications which
encode local addresses and port numbers in data sent to
external servers might have problems with NAT. Care must
always be taken to send the public address, rather than the
internal one.
We recommend using passive mode unless it is not supported by
the FTP server.