(SOLVED) FileZilla Server FTPS not Working - Passive Mode fails

RedViking

Nord of the South
Joined
Feb 23, 2012
Messages
18,446
#1
I am trying to create a server using FileZilla Server and use FTPS over Public Network/IP.

FileZilla (not FileZilla Server) error:

Status: Connection established, waiting for welcome message...​
Status: Initializing TLS...​
Status: Verifying certificate...​
Status: TLS connection established.​
Status: Logged in​
Status: Retrieving directory listing...​
Status: Server sent passive reply with unroutable address. Passive mode failed.
Command: PORT 192,168,1,5,255,237
Response: 200 Port command successful
Command: MLSD
Response: 150 Opening data channel for directory listing of "/"
Response: 425 Can't open data connection for transfer of "/"
Error: Failed to retrieve directory listing

FileZilla Server side:


> 230 Logged on​
> PBSZ 0​
> 200 PBSZ=0​
> PROT P​
> 200 Protection level set to P​
> PWD​
> 257 "/" is current directory.​
> TYPE I​
> 200 Type set to I​
> PASV​
> 227 Entering Passive Mode (192,168,1,8,248,94)​
> PORT 192,168,1,5,192,55​
> 200 Port command successful​
> MLSD​
> 150 Opening data channel for directory listing of "/"​
> 425 Can't open data connection for transfer of "/"​


Local network/IP it works fine:

Status: Connection established, waiting for welcome message...​
Status: Initializing TLS...​
Status: Verifying certificate...​
Status: TLS connection established.​
Status: Logged in​
Status: Retrieving directory listing...​
Status: Directory listing of "/" successful​
 

ghoti

Karmic Sangoma
Joined
Jan 17, 2005
Messages
45,669
#2
Firewall rule to allow the internet access to the service? Have you tried active mode as well? When I get that listing problem I try toggle between active/passive first.
 

RedViking

Nord of the South
Joined
Feb 23, 2012
Messages
18,446
#3
Firewall rule to allow the internet access to the service? Have you tried active mode as well? When I get that listing problem I try toggle between active/passive first.
I tried Active, unfortunately it is still not working.

What firewall rule though? I've added FileZilla to the firewall and also Port 21.
I've got a Tenda router and added under NAT:
1551715775765.png

I assume it is Virtual Servers as there is no Port Forwarding option....
 

ghoti

Karmic Sangoma
Joined
Jan 17, 2005
Messages
45,669
#4
I tried Active, unfortunately it is still not working.

What firewall rule though? I've added FileZilla to the firewall and also Port 21.
I've got a Tenda router and added under NAT:
View attachment 627348

I assume it is Virtual Servers as there is no Port Forwarding option....
"The default Explicit FTPS port is 21. The default Implicit port is 990 ( after handshake it will switch automatically to 989 for data transmission, if not configured differently).May 22, 2009"

Perhaps those other two ports?
 

RedViking

Nord of the South
Joined
Feb 23, 2012
Messages
18,446
#5
"The default Explicit FTPS port is 21. The default Implicit port is 990 ( after handshake it will switch automatically to 989 for data transmission, if not configured differently).May 22, 2009"

Perhaps those other two ports?
Still nothing.

If I connect without FTPS , and I then connect with FTPS , it seems to work. If I open Filezilla and forst thing connect with FTPS it doesn't work.
 
Last edited:

quovadis

Expert Member
Joined
Sep 10, 2004
Messages
2,672
#6
In filezilla specify your custom passive port ranges and enable forwarding rules for that range. There are more elegant ways to do this but most consumer routers lack the functionality to dynamically open the ports for the passive requests.
 

RedViking

Nord of the South
Joined
Feb 23, 2012
Messages
18,446
#7
In filezilla specify your custom passive port ranges and enable forwarding rules for that range. There are more elegant ways to do this but most consumer routers lack the functionality to dynamically open the ports for the passive requests.
I will try that thanks.
 

RedViking

Nord of the South
Joined
Feb 23, 2012
Messages
18,446
#8
In filezilla specify your custom passive port ranges and enable forwarding rules for that range. There are more elegant ways to do this but most consumer routers lack the functionality to dynamically open the ports for the passive requests.
Still no luck. :cautious:
 

WAslayer

Expert Member
Joined
May 13, 2011
Messages
2,937
#10

RedViking

Nord of the South
Joined
Feb 23, 2012
Messages
18,446
#11
Try using a non-default port number to rule out your router or another device blocking or manipulating your traffic over the default port..
I have tried that. Non default doesn't work with or without FTPS. Used Port 2100


> disconnected.
> Connected on port 2100, sending welcome message...
> 220-FileZilla Server 0.9.60 beta
> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
> 220 Please visit https://filezilla-project.org/
> AUTH TLS
> 234 Using authentication type TLS
> TLS connection established
> USER xxxxxx
> 331 Password required for xxxxxxx
> PASS *************
> 230 Logged on
> PBSZ 0
> 200 PBSZ=0
> PROT P
> 200 Protection level set to P
> PWD
> 257 "/" is current directory.
> TYPE I
> 200 Type set to I
> PASV
> 421 Could not create socket.
> PORT 192,168,1,5,216,135
> 200 Port command successful
> MLSD
> 150 Opening data channel for directory listing of "/"
> 425 Can't open data connection for transfer of "/"
 

RedViking

Nord of the South
Joined
Feb 23, 2012
Messages
18,446
#14
You need to specify your public ip in passive mode settings, the current ip of 192.168.1.5 is private netblock and unroutable on the net.

It tells the connecting client where to bind the socket to.

Can send you example config in the morning if you would like
Please send me an example. Thanks!
 

ghoti

Karmic Sangoma
Joined
Jan 17, 2005
Messages
45,669
#15
I got so annoyed with the complexity of setting up a FTP server and these kinda hassles that I switched to SCP.
 

RedViking

Nord of the South
Joined
Feb 23, 2012
Messages
18,446
#16
I got so annoyed with the complexity of setting up a FTP server and these kinda hassles that I switched to SCP.
Can you please send me a link so I can look into it. Googling SCP gives me some weird stuff.

It looks like with FTP the biggest issue is having a Router. But I didn't realise it is such a pain to set up. I know my lack of knowledge greatly contributes to the issues, but after doing so many google searches none of the solutions work. Maybe I just missing something....
 

RedViking

Nord of the South
Joined
Feb 23, 2012
Messages
18,446
#17
Incoming Screenshots:

Server Side:
1551762405409.png

1551762572831.png

I have also tried with Port 21.


The computer connecting will have to use Windows Network Location most likely.
1551762761183.png
 

ghoti

Karmic Sangoma
Joined
Jan 17, 2005
Messages
45,669
#18
Can you please send me a link so I can look into it. Googling SCP gives me some weird stuff.

It looks like with FTP the biggest issue is having a Router. But I didn't realise it is such a pain to set up. I know my lack of knowledge greatly contributes to the issues, but after doing so many google searches none of the solutions work. Maybe I just missing something....
SCP is secure file copy. Its copying files over ssh (more secure).

Basically the syntax looks like:

# scp local_files/* username@server.com:/remote_location/

There is a windows client (with the ftp style/commander gui interface) called winscp. I think the people who make putty have one.
 

RedViking

Nord of the South
Joined
Feb 23, 2012
Messages
18,446
#19
SCP is secure file copy. Its copying files over ssh (more secure).

Basically the syntax looks like:

# scp local_files/* username@server.com:/remote_location/

There is a windows client (with the ftp style/commander gui interface) called winscp. I think the people who make putty have one.
Thanks. I'll give it a shot.
 

ghoti

Karmic Sangoma
Joined
Jan 17, 2005
Messages
45,669
#20
Thanks. I'll give it a shot.
Its a real nifty system. If you can SSH into your system you will be able to SCP.

Also, if you have large amounts of files you need to copy (like GBs) consider rsync through ssh.
 
Top