I want to have a server running that enables file transfers in a secure way and at the same time chroot the users in a specific directory. For this purpose i have installed vsftpd as the server and uses filezilla as the client(sertype: explicit FTPES).

I have enabled passive mode on both the client and the server

This is where i enable the ssl in vsftpd.conf

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES

However it seems that the servers firewall blocks the dataconnection signal so in order to circumvent this i enabled the following in vsftpd.cońf

pasv_enable=YES
pasv_min_port=X
pasv_max_port=Y

and i then open the ports X-Y in my firewall.

Now it works fine on my LAN. But when i try to connect to the server from the internet it doesn't. There is a connection but the content can't be listed, and the client is disconnected.

It should be mentioned that both the server and the client is standing behind separate routers, and i have portforwarded ports 20, 21 and X-Y to my server.

Could someone please help me???
Why is it not working?- it works fine when i just use a FTP connection.

/etc/hosts.allow

Thanks.
But that won't help bypassing the routers firewall would it??