Moderator: Project members
Firewalls only detect and ask for applications that are actively accessing ports. The program you mentioned is a client that is doing that. However FileZilla does not actively access the ports, it only listens on them. Listening on a port doesn't count as access and the firewall doesn't detect it. Some firewalls would ask once the the first incoming connection on the listening port is detected, others generally don't ask for incoming connections. Thus, you have to proactively open all FTP ports (the listening port and the complete Passive port range, TCP only) in the firewall, and also forward all of them.No - but other programs that do require firewall access ask for it. For example, qBittorrent, which I installed way back and asked for permission to go through the firewall, did so again when this problem started, and also a couple of other programs. So perhaps not unreasonable to expect the Server to at least do the same.
but others are now able to access the server and download ok.Why should they be documented? Those ports are nothing special. Passive ports have to be defined in the FTP server, and they can be chosen freely, apart from the first 1024 ports which are reserved. Passive port range is documented btw.I get a similar problem and adding ports 8060-8069 (which I did not see published in documentation anywhere ) did not change anything.
Use https://ftptest.net for testing, as neither the public IP nor the dynamic DNS name will work correctly from inside your network. From inside the NAT border, the private IP must be used.Currently going though the ISP IP address (using my Dynamic DNS URL), it blocks and times out at transfering the content of '/'. But when connecting through my private network with the server's IP address, all works well and dandy.
Depends. Locally from anther local machine? Good. Locally from the same machine? Not necessarily, as firewalls might not block localhost traffic.It is not blocking at my Norton firewall since it runs locally on the server and works well locally.
Sigh, what a mess.I included all the following in my router port forwarding and still does not work (I inluded both UDP and TCP for each):
20-22
80
8080
989-990
3713
PS:
Listeners are at port 21 with Explicit TLS specified.
boco wrote: ↑2023-08-28 21:13Why should they be documented? Those ports are nothing special. Passive ports have to be defined in the FTP server, and they can be chosen freely, apart from the first 1024 ports which are reserved. Passive port range is documented btw.I get a similar problem and adding ports 8060-8069 (which I did not see published in documentation anywhere ) did not change anything.
Use https://ftptest.net for testing, as neither the public IP nor the dynamic DNS name will work correctly from inside your network. From inside the NAT border, the private IP must be used.Currently going though the ISP IP address (using my Dynamic DNS URL), it blocks and times out at transfering the content of '/'. But when connecting through my private network with the server's IP address, all works well and dandy.
Depends. Locally from anther local machine? Good. Locally from the same machine? Not necessarily, as firewalls might not block localhost traffic.It is not blocking at my Norton firewall since it runs locally on the server and works well locally.
Sigh, what a mess.I included all the following in my router port forwarding and still does not work (I inluded both UDP and TCP for each):
20-22
80
8080
989-990
3713
PS:
Listeners are at port 21 with Explicit TLS specified.
You will need to forward and open only:
- 21 as it is the listening port,
- 990 (only if you want to use Implicit FTP over TLS), not needed for Explicit FTP over TLS,
- and your chosen Passive port range (that you defined in the FTP server).
FTP uses TCP only, never UDP.
