Setting up FTPS behind NAT with non standard ports

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
TheHarb
500 Command not understood
Posts: 2
Joined: 2011-12-12 21:49
First name: The
Last name: Harb

Setting up FTPS behind NAT with non standard ports

#1 Post by TheHarb » 2011-12-12 21:56

I read through the FileZilla wiki's and still am finding it difficult to pin down what is causing this not to work for me?

I have created a 4096 bit certificate, I have set the listening port to 61 and the 990 port to 790. I would like to have both of these be non-standard ports. I have both of these ports forwarded to the FTP server machine which has a static IP. When trying to connect from work to home FileZilla client only times out when attempt to connect with SFTP.

I used to have this working behind the router when I used some other software called Bulletproof FTP but just had it setup as standard FTP on port 21. I got port scanned non-stop, hence why I'd like to have these secure and on non-standard ports. I have recently formatted and would like to move over to using FileZilla since I like their ideology.

I have a Linksys 610n router if that helps. Can anyone help with where I am going wrong?

Also, is it possible to use the IPSec security rules in Windows Firewall with FileZilla server?

I appreciate any help on where to start my troubleshooting.

User avatar
boco
Contributor
Posts: 24789
Joined: 2006-05-01 03:28
Location: Germany

Re: Setting up FTPS behind NAT with non standard ports

#2 Post by boco » 2011-12-13 01:00

When trying to connect from work to home FileZilla client only times out when attempt to connect with SFTP.
Just for clarification: You actually mean FTPS? SFTP is a different protocol not supported by FileZilla Server.

And you didn't even mention the Passive port range which must be defined, forwarded and opened, too. Explained in Network Configuration.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

TheHarb
500 Command not understood
Posts: 2
Joined: 2011-12-12 21:49
First name: The
Last name: Harb

Re: Setting up FTPS behind NAT with non standard ports

#3 Post by TheHarb » 2011-12-13 13:32

Sorry about that, I have PASV ports 49950-50000 set to forward to my static IP server. I meant FTPES.

I can connect from the local server using 127.0.0.1 and the non-standard port with FTPES. I guess this points to my router/port forwarding as being the issue, but I have both non-standard ports (changed them to 1071 and 1171, and the port range 49950-50000 for PASV forwarded to the internal IP).

Any other thoughts? I've also tried disabling Windows Firewall which gave me the same result. It just times out from my work machine, and I know I can connect out to FTPES sites from work as we have many clients setup this way (also tried net2ftp). The FileZilla server interface never shows anything trying to connect so for some reason it looks like the traffic isn't even getting to the box, but I have the correct ports forwarded.

Here are my port forwarding rules

Single Port Forwarding

Name Internal Port External Port Protocol To IP Address Enabled?
RDP 3389 3389 Both 192.168.1.99 Yes
FTPES 1071 1071 Both 192.168.1.99 Yes
FTPES2 1171 1171 Both 192.168.1.99 Yes

Port Range Forwarding

Name Start/End Port To IP Address Enabled
PASV 49950 to 50000 192.168.1.99 Yes

192.168.1.99 is the assigned static IP address of the server of course. The RDP forward of port 3389 is working because I am remoted into the machine right now. Let me know if screenshots of any config screens would help and I can provide those.

User avatar
botg
Site Admin
Posts: 32473
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Setting up FTPS behind NAT with non standard ports

#4 Post by botg » 2011-12-13 22:15

Forwarding TCP is enough, FTP does not use UDP.

Do you have a log of a failed connection attempt?

Note that to connect using your public IP address, you need to actually connect from outside of your private network. From inside your private network, you need to use your private IP address.

Cypress
226 Transfer OK
Posts: 121
Joined: 2008-09-13 19:39
First name: J

Re: Setting up FTPS behind NAT with non standard ports

#5 Post by Cypress » 2011-12-15 16:02

TheHarb wrote: Name Internal Port External Port Protocol To IP Address Enabled?
RDP 3389 3389 Both 192.168.1.99 Yes
FTPES 1071 1071 Both 192.168.1.99 Yes
FTPES2 1171 1171 Both 192.168.1.99 Yes
Try FTPESB or something else alpha only.

amilojko
500 Command not understood
Posts: 4
Joined: 2011-12-05 22:25

Re: Setting up FTPS behind NAT with non standard ports

#6 Post by amilojko » 2011-12-15 21:59

Beside everything said here you have to make sure server is using external IP address to answer the passive mode connections.
Settings > Passive Mode Settings, don't use Default which is your internal IP address.
HTH

Post Reply