I've configured FileZilla server successfully (without SSL/TLS) by port forwarding:

-Modem (external ISP address): TCP 21, 990, 50000-50100 -> 10.1.10.10

-Router (external 10.1.10.10): TCP 21, 990, 50000-50100 -> 192.168.1.61 (server)

And allowing Windows Firewall TCP (and UDP) ports 21, 990 and 50000-50100. I also set FileZilla server to use a custom port range for passive mode (50000-50100).

However, as soon as I enable the following checkboxes in FileZilla server:

  • Enable FTP over SSL/TLS support (FTPS)
  • Allow explicit FTP over TLS
  • Disallow plain unencrypted FTP
  • Force PROT P to encrypt file transfers in SSL/TLS mode

The connection is made (accept the certificate), but the client fails at the MLSD command after entering passive mode.

Does explicit SSL/TLS use different ports? If I try implicit SSL (port 990) the connection isn't even made. I would settle for either type of secure connection working.

David Fox

1 Answer

Your explicit connection is likely being killed by stateful packet inspection (SPI) or deep packet inspection (DPI) of your router. You should be able to disable that and/or add an exception for the MLSD command.

Your implicit connection needs TCP 989 for the data channel.

Reality Extractor
  • I don't think my router (WRT54G) has SPI, nor the modem. I also opened TCP 989 on modem, router and server. The implicit connection still hangs (doesn't ever connect) – David Fox Jan 07 '12 at 14:44
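
A diagnostic for the failure described in the question (MLSD failing right after PASV once TLS is on), added here as an example and not code from either poster: with the control channel encrypted, a NAT device can no longer read or rewrite the server's 227 reply, so the address and port in it must already be reachable from outside. The sketch decodes that reply and checks it against the forwarded range 50000-50100 from the question; the function names and the sample replies are assumptions constructed for illustration.

```python
import ipaddress
import re
from ftplib import FTP_TLS

# From the question: passive range forwarded on modem, router and firewall.
FORWARDED_PORTS = range(50000, 50101)
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Decode '227 ... (h1,h2,h3,h4,p1,p2)' into (ip, port) per RFC 959."""
    m = PASV_RE.search(reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a PASV reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % reply)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_pasv(reply, ports=FORWARDED_PORTS):
    """Return reasons an outside client could not open the data connection."""
    ip, port = parse_pasv(reply)
    problems = []
    if any(ipaddress.ip_address(ip) in net for net in RFC1918):
        problems.append("advertised address %s is private (RFC 1918)" % ip)
    if port not in ports:
        problems.append("port %d is outside forwarded range %d-%d"
                        % (port, ports[0], ports[-1]))
    return problems

def probe(host, user, password):
    """Live check: explicit FTPS login, PROT P, then inspect the PASV reply."""
    ftps = FTP_TLS()
    ftps.connect(host, 21)
    ftps.login(user, password)   # sends AUTH TLS before USER/PASS
    ftps.prot_p()                # PBSZ 0 + PROT P, as the server requires
    try:
        return check_pasv(ftps.sendcmd("PASV"))
    finally:
        ftps.close()

if __name__ == "__main__":
    # Constructed replies, not captured from the poster's server.
    for sample in ("227 Entering Passive Mode (192,168,1,61,195,80)",
                   "227 Entering Passive Mode (203,0,113,7,195,180)"):
        print(sample, "->", check_pasv(sample) or "ok")
```

Run `probe()` from a client outside the LAN; an empty list means the advertised data endpoint matches what the port forwards expose.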