FileZilla Forums

Welcome to the official discussion forums for FileZilla
Donate to project
It is currently 2014-04-23 23:18

All times are UTC




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: Firewall/Port problem
PostPosted: 2011-10-24 22:33 
Offline
500 Command not understood

Joined: 2011-10-24 22:10
Posts: 3
I have setup a filezilla ftp server with these ports:

"Connection Settings"
Listen on these ports: 1983

"SSL/TLS Settings"
SSL/TLS connections: 1985

If I create a rule in my firewall to allow everything, it works fine. I don't want this though.

Could somebody tell me which ports I need to open in order to use this ftps:// server?

I have tried allowing 1982 - 1985 (inclusive) but this doesn't work. I end up with the following error when trying to connect from a remote client:

Code:
Status:   Server sent passive reply with unroutable address. Using server address instead.
Error:   Failed to retrieve directory listing


I indeed unable to see the contents of the directory and if I try to transfer a file, I get:
Code:
Status:   Server sent passive reply with unroutable address. Using server address instead.

which does not end up working.

The server sees the attempted file transfer but is unable to receive the file:

Code:
(000003)10/24/2011 23:31:10 PM - username(xx.xx.xx.xxx)> 425 Can't open data connection.


Which other ports do I need to allow access to?


Top
 Profile  
 
PostPosted: 2011-10-25 02:34 
Online
226 Transfer OK
User avatar

Joined: 2006-05-01 03:28
Posts: 19663
Location: Germany
As the Network Configuration explains, you need a port range for Passive mode. Furthermore, the server must know your current external IP.

Code:
Listen on these ports: 1983
This port is used for plain FTP and explicit FTP over TLS (FTPES). Note that only the initial connection uses this port.

Code:
SSL/TLS connections: 1985
That one is for implicit FTP over TLS (FTPS). Again, only the initial connection uses this.

Quote:
Could somebody tell me which ports I need to open in order to use this ftps:// server?
Both listening ports plus your defined Passive port range (aka Custom port range in FZ Server). The recommended size of the Passive port range is at least 50 ports. All ports must be forwarded in the router as well. And don't forget to tell FZ Server your external IP.

_________________
### BEGIN SIGNATURE BLOCK ###
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
All support requests per PM will be ignored!
### END SIGNATURE BLOCK ###


Top
 Profile  
 
PostPosted: 2011-10-25 23:34 
Offline
500 Command not understood

Joined: 2011-10-24 22:10
Posts: 3
Thanks for the document. I have limited the range to 1982-1984 and it's working now.
I also added my static external IP.


Top
 Profile  
 
PostPosted: 2011-10-26 00:42 
Online
226 Transfer OK
User avatar

Joined: 2006-05-01 03:28
Posts: 19663
Location: Germany
Range is too narrow, you might run out of ports fast.

_________________
### BEGIN SIGNATURE BLOCK ###
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
All support requests per PM will be ignored!
### END SIGNATURE BLOCK ###


Top
 Profile  
 
PostPosted: 2011-10-26 00:56 
Offline
500 Command not understood

Joined: 2011-10-24 22:10
Posts: 3
But I only intend to have 1 user connect at a time. 1 user, 1 session.

Or do I need to read up more about this (as in, I'm miss-understanding)?


Top
 Profile  
 
PostPosted: 2011-10-26 01:43 
Online
226 Transfer OK
User avatar

Joined: 2006-05-01 03:28
Posts: 19663
Location: Germany
-Every listing or transfer (actually, a listing is a transfer) needs one data port.
-Ports are used sequentially, and after the last one has been used, it wraps around to the first one again.
-A port, once used, stays in a TIME_WAIT state for about four minutes. During that time, it is unavailable.

For the above reasons, even one user can exhaust a port range quickly.

_________________
### BEGIN SIGNATURE BLOCK ###
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
All support requests per PM will be ignored!
### END SIGNATURE BLOCK ###


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC


Who is online

Users browsing this forum: Bing [Bot], Holdstrong and 8 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Dedicated server provided by Artmotion.
Forum sponsored by Everyware.ch.
Powered by phpBB® Forum Software © phpBB Group