Simply put, FTPS (FTP Secure) and firewalls, especially those performing Network Address Translation (NAT), may not always work seamlessly together. While the control connection, established on a well-known port, generally proceeds without complications, the data connection poses challenges for firewalls designed to understand FTP.
In a typical FTP session without FTPS, firewalls can inspect the FTP server's responses on the control connection, specifically in response to a client's PASV or PORT command. This allows the firewall to discern the ports and addresses on which the data connection will be established.
However, in an FTPS session, these control connection messages are encrypted, preventing FTP-aware firewalls from inspecting them. Consequently, the firewall cannot determine the ports on which the data connection will be established in FTPS. For firewalls configured to permit a specific range of ports, such as in passive mode, FTPS should operate without issues.
To configure for passive FTP (the preferred method), see My IP address begins with 192.168.xxx.xxx. Is there anything special I have to do for people to see my FTP Server on the Internet?