I have setup a ProFTPD server with TLS security behind NAT.
Because of the security, I had to use the PassivePorts and MasqueradeAddress directives to have the server use our public IP address and everything is working great with connections made from the Internet (i.e.: the server advertises the correct IP in the PORT command).
Although, data transfers within our LAN fail, because the PORT command is advertising our public IP intead of the private IP. This seems to be addressed in an HowTo on the officiale ProFTPD site, at http://www.proftpd.org/docs/howto/NAT.html
(last question) but the proposed solution does not actually work: setting up a VirtualHost with the private IP will actually catch *all* connections, because of the NAT, thus MasqueradeAddress will not be used.
So: is there any facility to have the ProFTPD always send the right address in PORT commands? I have also looked at pure-ftpd, but it seems it has no such feature either (and even lacks virtual hosts).