If Serv-U is running behind a firewall or proxy server with address translation, passive mode data transfers (as used by all Web browsers) will generally not work. The reason is that the IP address of the server is not the same as the IP address outside users should use to connect to the server. Serv-U does not know this, and when the FTP client program asks for its passive IP address it will give the wrong (internal) address.
You can often tell if your server is behind a firewall or proxy server because the server’s IP address is a dummy IP address, which can only be used locally on a LAN, and which will not work over the Internet. Any IP address starting with these numbers is a dummy IP address:
192.168.xxx.xxx
172.16.xxx.xxx – 172.31.xxx.xxx
10.xxx.xxx.xxx
You can use the "Help | Local IP Address" menu selection to view the IP address(es) of your computer.
What is needed is some way to tell Serv-U what IP address it should hand out to FTP clients when they want to do a passive mode data transfer, the right address is the IP address the outside world should use to connect to the server. This can be done via the Domain Settings Advanced tab. In that tab is an entry for IP for passive mode, which is where the IP address to report to FTP clients goes.
Example
Say a server is behind a firewall, and has an IP address 192.168.0.10. The outside world accesses the server by using, for example, address 243.56.78.1. To make passive mode work, enter '243.56.78.1' as the IP to use for passive mode for the domain.
The above assumes the firewall is set up to pass all the needed packets on to the server. In particular, this means the firewall has to allow incoming TCP connections to port 21 on the server, allow outgoing TCP connections from port 20 (for regular mode data transfers), and allow incoming TCP connections to any random port between 1024 and 65535 on the server (for passive mode transfers). Depending on what the firewall allows to pass it may be that despite passive mode address translation it is still not possible to use passive mode for data transfers.
If the firewall is blocking incoming connections to ports between 1024 and 65535 not all is lost yet. You may be able to open up the firewall to pass a limited range of ports to be used for passive mode data transfers. The Advanced tab in the Server Settings is used to accomplish this.