FTPS - Unable to open a data connection over the WAN


Here is my setup:

  • 1 Windows 2008 R2 Standard box with Gene6 (G6) FTP Server installed
  • G6 configured to use explicit SSL connections only (TCP:990)
  • 1 WatchGuard Firebox firewall (between the server and the internal network)

So when I connect over the LAN I can connect and list directories on the FTPS server without any problem (actually RDPing into the Win 2k8 box, you get the idea), but when I try to connect to the FTPS site remotely I can't seem to list the home directory of the user I've configured on the server:

13/05/29 20:00:48, 39, 98.208.xx.xx, , new connection from 98.208.xx.xx on 10.1.2.252:990 (Explicit SSL only)
13/05/29 20:00:48, 39, 98.208.xx.xx, , hostname resolved : c-98-208-xx-xx.hsd1.ca.comcast.net
13/05/29 20:00:48, 39, 98.208.xx.xx, , sending welcome message.
13/05/29 20:00:48, 39, 98.208.xx.xx, , 220 Gene6 FTP Server v3.10.0 (Build 2) ready...
13/05/29 20:00:48, 39, 98.208.xx.xx, , AUTH TLS
13/05/29 20:00:48, 39, 98.208.xx.xx, , 234 AUTH command ok; starting SSL connection.
13/05/29 20:00:48, 39, 98.208.xx.xx, , establishing encrypted session
13/05/29 20:00:48, 39, 98.208.xx.xx, , USER username
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 331 Password required for username.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PASS ****
13/05/29 20:00:48, 39, 98.208.xx.xx, username, logged in as "username".
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 230 User username logged in.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, SYST
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 215 UNIX Type: L8
13/05/29 20:00:48, 39, 98.208.xx.xx, username, FEAT
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 211-Extensions supported:
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  AUTH TLS
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  CCC
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  CLNT
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  CPSV
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  EPRT
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  EPSV
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  MDTM
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  MFCT
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  MFMT
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  MLST type*;size*;create;modify*;
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  MODE Z
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  PASV
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  PBSZ
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  PROT
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  REST STREAM
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  SIZE
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  SSCN
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  TVFS
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  UTF8
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  XCRC "filename" SP EP
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  XMD5 "filename" SP EP
13/05/29 20:00:48, 39, 98.208.xx.xx, username,  XSHA1 "filename" SP EP
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 211 End.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, CLNT FileZilla
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 Noted.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, OPTS UTF8 ON
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 UTF8 OPTS ON
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PBSZ 0
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 PBSZ=0
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PROT P
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 PROT command successful.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PWD
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 257 "/" is current directory.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, TYPE I
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 Type set to I.
13/05/29 20:00:48, 39, 98.208.xx.xx, username, PORT 98,208,65,76,34,82
13/05/29 20:00:48, 39, 98.208.xx.xx, username, 200 Port command successful.
13/05/29 20:00:49, 39, 98.208.xx.xx, username, MLSD
13/05/29 20:01:01, 38, 98.208.xx.xx, username, 425 Cannot open data connection.
13/05/29 20:01:01, 38, 98.208.xx.xx, username, disconnected. (00d00:00:22)
13/05/29 20:01:10, 39, 98.208.xx.xx, username, 425 Cannot open data connection.
13/05/29 20:01:10, 39, 98.208.xx.xx, username, disconnected. (00d00:00:22)

Now, I'm well aware that FTP requires the data (TCP/20) and session (TCP/21) ports to be open, but given that I'm not using port 21 - given that I'm using port 990 over SSL (FTPS) - how do I determine which data port I'm using?

I've opened port 20, port 21 and port 990 on both the Internet-facing firewall and the Windows Server firewall for testing, but I still can't get a directory listing when connecting over the Internet. I've tried connecting with both the ACTV and PASV methods in FileZilla, still with no luck. I remember this kind of problem usually being down to active vs. passive connections, but I can't remember the details. If it's all due to active vs. passive, then why can I get a directory listing when connecting from the LAN side of the network?

The permissions on the folder shared with this user have been set to Everyone full control, just to rule that out as a factor in whether I can get a directory listing.

So my question is - what exactly is going on here? Why can't I establish a data connection over the WAN but can over the LAN? Is this due to explicit SSL? An active/passive issue?

Here is the log output of a successful local FTPS session:

13/05/29 20:16:32, 40, 10.1.2.252, , new connection from 10.1.2.252 on 10.1.2.252:990 (Explicit SSL only)
13/05/29 20:16:32, 40, 10.1.2.252, , hostname resolved : IMSSERVER.alpine.local
13/05/29 20:16:32, 40, 10.1.2.252, , sending welcome message.
13/05/29 20:16:32, 40, 10.1.2.252, , 220 Gene6 FTP Server v3.10.0 (Build 2) ready...
13/05/29 20:16:32, 40, 10.1.2.252, , AUTH TLS
13/05/29 20:16:32, 40, 10.1.2.252, , 234 AUTH command ok; starting SSL connection.
13/05/29 20:16:32, 40, 10.1.2.252, , establishing encrypted session
13/05/29 20:16:32, 40, 10.1.2.252, , USER username
13/05/29 20:16:32, 40, 10.1.2.252, username, 331 Password required for username.
13/05/29 20:16:32, 40, 10.1.2.252, username, PASS ****
13/05/29 20:16:32, 40, 10.1.2.252, username, logged in as "username".
13/05/29 20:16:32, 40, 10.1.2.252, username, 230 User username logged in.
13/05/29 20:16:32, 40, 10.1.2.252, username, CLNT FileZilla
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 Noted.
13/05/29 20:16:32, 40, 10.1.2.252, username, OPTS UTF8 ON
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 UTF8 OPTS ON
13/05/29 20:16:32, 40, 10.1.2.252, username, PBSZ 0
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 PBSZ=0
13/05/29 20:16:32, 40, 10.1.2.252, username, PROT P
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 PROT command successful.
13/05/29 20:16:32, 40, 10.1.2.252, username, PWD
13/05/29 20:16:32, 40, 10.1.2.252, username, 257 "/" is current directory.
13/05/29 20:16:32, 40, 10.1.2.252, username, TYPE I
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 Type set to I.
13/05/29 20:16:32, 40, 10.1.2.252, username, PORT 10,1,2,252,220,229
13/05/29 20:16:32, 40, 10.1.2.252, username, 200 Port command successful.
13/05/29 20:16:32, 40, 10.1.2.252, username, MLSD
13/05/29 20:16:32, 40, 10.1.2.252, username, 150 Opening data connection for directory list.
13/05/29 20:16:32, 40, 10.1.2.252, username, establishing encrypted session
13/05/29 20:16:32, 40, 10.1.2.252, username, 226 Transfer ok.

Answer 1

I'm pretty sure you're on the right track; this is an active/passive issue.

When going through a NAT router or firewall you almost always need to use passive mode.

The trick with passive FTP and NAT/firewalls is that you need to specify the passive port range the FTP server may use, and then forward that port range through the firewall to the FTP server.

Set the FTP server to use passive connections and specify a range of about 1000 TCP ports. We use 50000-51000.

Also, the FTP server will/should have a place in its passive settings to specify the external IP address (not sure about G6, but FileZilla also offers an IP resolver service for dynamic IPs); this needs to be supplied as well.

You need to open port 990 for FTPS; keeping port 21 open is still useful since it can be used for explicit FTP over TLS. Port 20 should not be needed.
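As an added example (not part of the question or the answer), the Python below decodes the PORT arguments from both logs and explains why the WAN-side active transfer ends in 425, then validates a passive-mode 227 reply against the 50000-51000 range the answer recommends. The full client address 98.208.65.76 is taken from the PORT line (the log masks the peer column), and the external address 203.0.113.10 is a constructed placeholder.

```python
import ipaddress
import re

# Passive port range to forward through the firewall, as recommended in the answer.
PASV_RANGE = (50000, 51000)

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 form used by PORT and by 227 PASV replies."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port string in %r" % text)
    n = [int(g) for g in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("octet out of range in %r" % text)
    return ipaddress.ip_address(".".join(map(str, n[:4]))), n[4] * 256 + n[5]

def check_active(control_peer, port_arg):
    """Explain whether an active-mode (PORT) transfer can complete from the server's side.
    control_peer is the address the control connection came from (log column 3)."""
    peer = ipaddress.ip_address(control_peer)
    ip, port = parse_hostport(port_arg)
    findings = []
    if ip != peer:
        findings.append("PORT address %s differs from control peer %s" % (ip, peer))
    if ip.is_private and not peer.is_private:
        findings.append("client advertised a LAN address the server cannot reach")
    if not peer.is_private:
        # The server must open a NEW connection into the client's network. A NAT or
        # firewall on the client side drops it unless forwarded, and with PROT P the
        # PORT command is encrypted, so no middlebox can rewrite it: result is 425.
        findings.append("server -> %s:%d is a fresh inbound connection at the client "
                        "side; use passive mode instead" % (ip, port))
    return ip, port, findings

def check_pasv_reply(reply, external_ip):
    """Validate a 227 reply: it must advertise the external IP and a forwarded port."""
    ip, port = parse_hostport(reply)
    problems = []
    if str(ip) != external_ip:
        problems.append("advertised %s, expected external address %s" % (ip, external_ip))
    if not PASV_RANGE[0] <= port <= PASV_RANGE[1]:
        problems.append("port %d outside forwarded range %d-%d"
                        % (port, PASV_RANGE[0], PASV_RANGE[1]))
    return ip, port, problems
```

The LAN session (peer 10.1.2.252, PORT 10,1,2,252,220,229) yields no findings, while the WAN session is flagged because the server would have to connect back to 98.208.65.76:8786 through the client's NAT.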
