FTP through managed firewall. slightly different question

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
User avatar
Cynyster
504 Command not implemented
Posts: 7
Joined: 2013-05-17 00:14
First name: Patrick
Last name: Moran
Location: Ohio

FTP through managed firewall. slightly different question

#1 Post by Cynyster » 2019-08-15 11:12

I am attempting to connect to my FileZillaServer which I have set up properly for FTPS with a generated certificate and all appropriate ports forwarded through my home firewall (21,990, 30000-30100) and everything works fine as long as my remote computer has unrestricted access to the internet.

I find myself working at a location that has a managed firewall and I am unable to download the directory structure.
Filezilla completes the handshake but cannot seem to retrieve the directory listing.

Status: Connecting to XX.XX.XX.XX:21...
Status: Connection established, waiting for welcome message...
Status: Plain FTP is insecure. Please switch to FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Status: Directory listing of "/" successful
Status: Disconnected from server
Status: Resolving address of
Status: Connecting to XX.XX.XX.XX:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (XX,XX,XX,XX,XX,XX)
Command: MLSD
Response: 425 Can't open data connection for transfer of "/"
Error: Failed to retrieve directory listing
Status: Disconnected from server


Needless to say I need to have a talk with the firewall management company.
Do I need to tell them that they need to allow ports 21 & 990
or do they need to open up the 30000-30100 as well?

Thanks for the help
Life without music is a mistake.

User avatar
botg
Site Admin
Posts: 32336
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: FTP through managed firewall. slightly different question

#2 Post by botg » 2019-08-16 07:00

Yes, for the data connections to work the client needs to be allowed to connect to whatever port the server desires. Since the port is assigned server-side, it's best to just allow the clients to connect to all ports in the range 1-65535.

User avatar
Cynyster
504 Command not implemented
Posts: 7
Joined: 2013-05-17 00:14
First name: Patrick
Last name: Moran
Location: Ohio

Re: FTP through managed firewall. slightly different question

#3 Post by Cynyster » 2019-08-16 08:15

Thanks you for the reply.

Somehow I have a feeling that the firewall management company are going to Freak at opening up all the ports.

Even though I take issue with the philosophy that opening all outgoing ports is a security risk, the firewall management companies tend to operate on the idea that only about 10 ports should be necessary. :lol:

Since my filezilla server is constrained to 30000-30100 I will have them open that range as well.


Thank you again for your reply.

Cheers
Life without music is a mistake.

User avatar
boco
Contributor
Posts: 24651
Joined: 2006-05-01 03:28
Location: Germany

Re: FTP through managed firewall. slightly different question

#4 Post by boco » 2019-08-16 08:54

Oh, I guess even only mentioning FTP will already be enough to drive them up into the treetops...
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Post Reply