Can't connect on new setup with FTP over TLS

[emperornero]

Hey guys.

New to FTP here, having a bit of an issue.

Using an AWS EC2 instance that I use as an email server, I'm also trying to set up a FTP server as well. Ports are forwarded in Security Groups, I've got a Static IP VIA Elastic, I have a domain name and a ftp.*.* set up for my server, and firewall is set to allow both the ports for passive and TLS and FileZilla Server.exe through the firewall.

No error messages in the console. I am attempting to upload via Linux command line. FileZilla Client works fine on Windows and Linux for connection and transfers, however, my goal of this FTP server is to upload files from Linux command line without installing the FileZilla Client, edit them on Windows, then return them to Linux for implementation.

This is what I get in the log when attempting to connect via TLS:

(000009) 7/26/2018 1:18:24 AM - (not logged in) (50.37.81.212)> Connected on port 990, sending welcome message...
(000009) 7/26/2018 1:18:24 AM - (not logged in) (50.37.81.212)> 220-This is a private service.
(000009) 7/26/2018 1:18:24 AM - (not logged in) (50.37.81.212)> 220-All IPs are logged and recorded.
(000009) 7/26/2018 1:18:24 AM - (not logged in) (50.37.81.212)> 220-Any unauthorized access and usage will be persecuted to the full extent of
(000009) 7/26/2018 1:18:24 AM - (not logged in) (50.37.81.212)> 220 the law in the respective offenders country.
(000009) 7/26/2018 1:19:25 AM - (not logged in) (50.37.81.212)> 421 Login time exceeded. Closing control connection.
(000009) 7/26/2018 1:19:25 AM - (not logged in) (50.37.81.212)> disconnected.


If I connect over non-encrypted I get:

(000010) 7/26/2018 1:21:57 AM - (not logged in) (50.37.81.212)> Connected on port , sending welcome message...
(000010) 7/26/2018 1:21:57 AM - (not logged in) (50.37.81.212)> 220-This is a private service.
(000010) 7/26/2018 1:21:57 AM - (not logged in) (50.37.81.212)> 220-All IPs are logged and recorded.
(000010) 7/26/2018 1:21:57 AM - (not logged in) (50.37.81.212)> 220-Any unauthorized access and usage will be persecuted to the full extent of
(000010) 7/26/2018 1:21:57 AM - (not logged in) (50.37.81.212)> 220 the law in the respective offenders country.
(000010) 7/26/2018 1:22:05 AM - (not logged in) (50.37.81.212)> USER
(000010) 7/26/2018 1:22:05 AM - (not logged in) (50.37.81.212)> 530 This server does not allow plain FTP. You have to use FTP over TLS.
(000010) 7/26/2018 1:22:05 AM - (not logged in) (50.37.81.212)> SYST
(000010) 7/26/2018 1:22:05 AM - (not logged in) (50.37.81.212)> 215 UNIX emulated by FileZilla
(000010) 7/26/2018 1:22:57 AM - (not logged in) (50.37.81.212)> 421 Login time exceeded. Closing control connection.
(000010) 7/26/2018 1:22:57 AM - (not logged in) (50.37.81.212)> disconnected.

If I disable TLS I am able to log in, however, transfers fail:

Warning: FTP over TLS is not enabled, users cannot securely log in.
(000011) 7/26/2018 1:28:40 AM - (not logged in) (50.37.81.212)> Connected on port , sending welcome message...
(000011) 7/26/2018 1:28:40 AM - (not logged in) (50.37.81.212)> 220-This is a private service.
(000011) 7/26/2018 1:28:40 AM - (not logged in) (50.37.81.212)> 220-All IPs are logged and recorded.
(000011) 7/26/2018 1:28:40 AM - (not logged in) (50.37.81.212)> 220-Any unauthorized access and usage will be persecuted to the full extent of
(000011) 7/26/2018 1:28:40 AM - (not logged in) (50.37.81.212)> 220 the law in the respective offenders country.
(000011) 7/26/2018 1:28:43 AM - (not logged in) (50.37.81.212)> USER
(000011) 7/26/2018 1:28:43 AM - (not logged in) (50.37.81.212)> 331 Password required for
(000011) 7/26/2018 1:28:48 AM - (not logged in) (50.37.81.212)> PASS ********
(000011) 7/26/2018 1:28:48 AM - (50.37.81.212)> 230 Logged on
(000011) 7/26/2018 1:28:48 AM - (50.37.81.212)> SYST
(000011) 7/26/2018 1:28:48 AM - (50.37.81.212)> 215 UNIX emulated by FileZilla
(000011) 7/26/2018 1:28:53 AM - (50.37.81.212)> PORT 192,168,254,34,134,59
(000011) 7/26/2018 1:28:53 AM - (50.37.81.212)> 200 Port command successful
(000011) 7/26/2018 1:28:53 AM - (50.37.81.212)> STOR
(000011) 7/26/2018 1:28:53 AM - (50.37.81.212)> 150 Opening data channel for file upload to server of "/"
(000011) 7/26/2018 1:29:04 AM - (50.37.81.212)> 425 Can't open data connection for transfer of "/"
(000011) 7/26/2018 1:31:05 AM - (50.37.81.212)> 421 Connection timed out.
(000011) 7/26/2018 1:31:05 AM - (50.37.81.212)> disconnected.

Any ideas?

[botg]

Which particular command-line client (product and version) are you using?

For the third attempt without requiring TLS: The client is using active mode, but the client isn't aware that it's behind a NAT router and hence isn't configured correctly, probably the NAT is neither for active mode FTP.

To test the server configuration you can use https://ftptest.net/

[emperornero]

Just using the standard integrated ftp command line utility in Ubuntu. No additional client.

I'm thinking that the issue is I can't accept the certificate, but I've no idea how to do that from the command line.

[botg]

Okay, the "standard integrated ftp command line utility" in Ubuntu is, if you may forgive my expletive, a piece of shit by today's standards. Abandonware since 2000, artificially kept alive by distribution-specific patches ever since. I can't even tell what's worse, netkit-ftp or Windows' ftp.exe

Consider using a different command-line FTP client. Personally I had good success with lftp for my command-line needs.