SSL/TLS won't work,....

AndreD
500 Command not understood
Posts: 2
Joined: 2007-05-11 06:54

#1 Post by AndreD » 2007-05-11 07:18

First, a fact: I had another (commercial) FTP server running fine in both secure and normal FTP mode, using the same ports (and passive-mode range) ... it's only FileZilla that won't work in secure mode, while working fine in FTP mode.

The firewall is configured to forward 21, 990 and (because of examples I tried in desperation) 50000-51000 (before, I used "6500-6600"),
but just to make my point, I even placed this server in the DMZ.

client = FileZilla
server = latest FileZilla Server.

When connecting to port 21 (using passive mode), everything works fine.
When connecting using SSL/TLS, port 990, the directory listing is not received, and error 421 appears.

Why?

botg
Site Admin
Posts: 35566
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

#2 Post by botg » 2007-05-11 08:25

Broken-by-design router and/or firewall that tampers with the FTP connection if using plain FTP.
http://filezilla-project.org/wiki/index ... figuration

AndreD
500 Command not understood
Posts: 2
Joined: 2007-05-11 06:54

#3 Post by AndreD » 2007-05-11 08:35

Please read again.
FileZilla Server works using FTP (normal FTP, passive mode).
Serv-U works in FTP and SSL/TLS mode, passive mode.
FileZilla does NOT work in SSL/TLS mode...

How can that be related to routing/NAT/FW, when the machine is in the DMZ, and another piece of software using SSL/TLS works fine with the same config?

pied
500 Command not understood
Posts: 3
Joined: 2007-05-03 04:58

#4 Post by pied » 2007-05-22 01:23

No, you are wrong ...
It works fine ... I use it in SSL mode (for administration) and normal mode (for users).
I just have some problems configuring my firewall (a Checkpoint) ..
The firewall reads the first response sent by the FileZilla server ...
This response contains the home directory and the port to which the client has to connect to send data (next command: ls, cd, get or put).
When the firewall intercepts the response, it opens the way for the port specified by the FTP server ... and everything goes well!
When you use SSL, the firewall can't read the response and doesn't know which port it has to open for the FTP server, and you can't send any command after the first response.
The solution is to tell the FTP server that the dynamic port is in the range 50000-51000 (for example) and open these connections on your firewall as you open port 21 for the FTP server.
It is not very safe .... but .. no other solution.
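
An added example, not part of the original thread: a Python sketch of the passive-mode reply that a firewall helper can read on plain FTP but not under SSL/TLS, with a check that the advertised data port falls inside the statically forwarded 50000-51000 range mentioned above. The function names and sample replies are constructed for illustration, and the 229 (EPSV) handling and the private-address check go slightly beyond what the posts describe.

```python
import ipaddress
import re

# Constructed sample replies (not captured from the server in this thread).
SAMPLE_227 = "227 Entering Passive Mode (192,168,1,10,195,149)"
SAMPLE_229 = "229 Entering Extended Passive Mode (|||50432|)"

_PASV = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_EPSV = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")


def parse_passive_reply(line):
    """Return (host, port) from a 227/229 reply; host is None for EPSV."""
    m = _PASV.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range in 227 reply")
        # Data port is encoded as two bytes: high * 256 + low.
        return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]
    m = _EPSV.match(line)
    if m:
        port = int(m.group(1))
        if not 0 < port < 65536:
            raise ValueError("port out of range in 229 reply")
        return None, port
    raise ValueError("not a passive-mode reply")


def audit_passive_reply(line, port_range=(50000, 51000)):
    """List reasons the data connection would fail when the firewall
    cannot read (or rewrite) the reply because the control channel is encrypted."""
    host, port = parse_passive_reply(line)
    low, high = port_range
    problems = []
    if not low <= port <= high:
        problems.append(f"port {port} outside forwarded range {low}-{high}")
    # Assumption added here: behind NAT, a private address in the reply is
    # unreachable for an outside client unless something rewrites it.
    if host is not None and ipaddress.ip_address(host).is_private:
        problems.append(f"reply advertises private address {host}")
    return problems


if __name__ == "__main__":
    for reply in (SAMPLE_227, SAMPLE_229):
        print(reply, "->", audit_passive_reply(reply) or "ok")
```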
