We are trying to set up a secure FTP server and sftp://xx.yy.zz.aa/ is working fine, since that uses sshd logic and incoming connections are chrooted fine using the "Match Group" semantics. Both WinSCP and FileZilla are good with this.

The problem comes when we try to connect securely to the FTP server [SLES 11 SP3; PureFTPD - rpm is pure-ftpd-1.0.22-3.19.1]. The FTP server is in a DMZ within a FortiGate HA firewall.

FileZilla client to our ftpes://xx.yy.zz.aa/ server gets a response of "500 I won't open a connection to 192.168.xx.yy (only to 192.168.aa.bb)" where 192.168.xx.yy is the external address of the FTP client [within a home office VPN network] and 192.168.aa.bb is the internal address of the DMZ network interface. FileZilla stays connected, but cannot give a directory; WinSCP gives up.

"Ordinary" FTP works fine with PureFTPD chrooted connections.

I've googled 'til blue in the face, but no suggestions I have seen are helpful.