Setting up FTPS behind NAT with non standard ports

[TheHarb]

I read through the FileZilla wiki's and still am finding it difficult to pin down what is causing this not to work for me?

I have created a 4096 bit certificate, I have set the listening port to 61 and the 990 port to 790. I would like to have both of these be non-standard ports. I have both of these ports forwarded to the FTP server machine which has a static IP. When trying to connect from work to home FileZilla client only times out when attempt to connect with SFTP.

I used to have this working behind the router when I used some other software called Bulletproof FTP but just had it setup as standard FTP on port 21. I got port scanned non-stop, hence why I'd like to have these secure and on non-standard ports. I have recently formatted and would like to move over to using FileZilla since I like their ideology.

I have a Linksys 610n router if that helps. Can anyone help with where I am going wrong?

Also, is it possible to use the IPSec security rules in Windows Firewall with FileZilla server?

I appreciate any help on where to start my troubleshooting.

[boco]

When trying to connect from work to home FileZilla client only times out when attempt to connect with SFTP.

Just for clarification: You actually mean FTPS? SFTP is a different protocol not supported by FileZilla Server.

And you didn't even mention the Passive port range which must be defined, forwarded and opened, too. Explained in Network Configuration.

[TheHarb]

Sorry about that, I have PASV ports 49950-50000 set to forward to my static IP server. I meant FTPES.

I can connect from the local server using 127.0.0.1 and the non-standard port with FTPES. I guess this points to my router/port forwarding as being the issue, but I have both non-standard ports (changed them to 1071 and 1171, and the port range 49950-50000 for PASV forwarded to the internal IP).

Any other thoughts? I've also tried disabling Windows Firewall which gave me the same result. It just times out from my work machine, and I know I can connect out to FTPES sites from work as we have many clients setup this way (also tried net2ftp). The FileZilla server interface never shows anything trying to connect so for some reason it looks like the traffic isn't even getting to the box, but I have the correct ports forwarded.

Here are my port forwarding rules

Single Port Forwarding

Name Internal Port External Port Protocol To IP Address Enabled?
RDP 3389 3389 Both 192.168.1.99 Yes
FTPES 1071 1071 Both 192.168.1.99 Yes
FTPES2 1171 1171 Both 192.168.1.99 Yes

Port Range Forwarding

Name Start/End Port To IP Address Enabled
PASV 49950 to 50000 192.168.1.99 Yes

192.168.1.99 is the assigned static IP address of the server of course. The RDP forward of port 3389 is working because I am remoted into the machine right now. Let me know if screenshots of any config screens would help and I can provide those.

[botg]

Forwarding TCP is enough, FTP does not use UDP.

Do you have a log of a failed connection attempt?

Note that to connect using your public IP address, you need to actually connect from outside of your private network. From inside your private network, you need to use your private IP address.

[Cypress]

Name Internal Port External Port Protocol To IP Address Enabled?
RDP 3389 3389 Both 192.168.1.99 Yes
FTPES 1071 1071 Both 192.168.1.99 Yes
FTPES2 1171 1171 Both 192.168.1.99 Yes

Try FTPESB or something else alpha only.

[amilojko]

Beside everything said here you have to make sure server is using external IP address to answer the passive mode connections.
Settings > Passive Mode Settings, don't use Default which is your internal IP address.
HTH