
FTPS problem from Internet (non routable address)

Posted: 2008-03-24 19:12
by vduvernet
Hi,

It seems that FTPS is a bit more difficult than FTP.

So, I've got a few questions but one problem ;p

LAN connection works with these parameters:
Host: local IP (192.168.1.111)
Port: blank (works with 990 I suppose, because FileZilla 3 doesn't save it)
Server type: FTPS - FTP over TLS/SSL - Implicit
Auth. type: normal
Username & password: OK, no problem with it.

1st question: what is the real difference between FTPS (implicit) & FTPES (explicit)? Because on my LAN it only works with FTPS (implicit).

2nd question: from outside, do I only need to open port 990, and is it TCP or UDP?
I've tried both of them for testing, but it returns an error:

"Response: 227 Entering Passive Mode (192,168,1,111,4,221)
Status: The server returned a non-routable address, replaced by the server address."
=> Server returned non routable address, replaced by server address.

I've tried with Net2Ftp:
http://www.net2ftp.com/index.php
(Port 990, SSL checked and other normal parameters)
but there is an error:
"An error has occurred
Unable to connect to FTP server nolme.ath.cx on port 990.
Are you sure this is the address of the FTP server? This is often different from that of the HTTP (web) server. Please contact your ISP helpdesk or system administrator for help."

Where is the mistake?

Thanks.

Vincent

Re: FTPS problem from Internet (non routable address)

Posted: 2008-03-24 21:32
by boco
The Network Configuration Guide (link in my sig) will tell you how to configure and what to forward. Port 990 for Implicit is correct.

Re: FTPS problem from Internet (non routable address)

Posted: 2008-03-24 22:15
by vduvernet
OK, I'll re-read it.

Is implicit more secure than explicit, or not?

Re: FTPS problem from Internet (non routable address)

Posted: 2008-03-24 22:44
by botg
No real difference.

Re: FTPS problem from Internet (non routable address)

Posted: 2008-03-30 09:15
by vduvernet
Hmm, after reading the FileZilla network configuration guide & other articles like:

http://en.wikipedia.org/wiki/FTPS
http://www.rebex.net/secure-ftp.net/

Explicit FTPS (FTPES) is newer than implicit FTPS. The RFC recommends explicit FTPES.

I must open port 21 & port 990 (TCP) and forward them to FileZilla Server.

When connecting with FileZilla on port 21 with normal authentication (login + password), I get the response:
> 530 Have to use explicit SSL/TLS before logging on.
So that's good, I can't connect without using SSL.


When using FTPES, it still doesn't work outside the LAN:

Status: Connecting to XX.XXX.XX.XXX:21...
Status: Connection established, waiting for welcome message...
Response: 220 My FTP Server
Command: AUTH TLS
Response: 234 Using authentication type TLS
Status: Initializing TLS...
Command: USER toto
Status: Verifying certificate...
Status: TLS/SSL connection established.
Response: 331 Password required for toto
Command: PASS ****
Response: 230 Logged on
Command: PBSZ 0
Response: 200 PBSZ=0
Command: PROT P
Response: 200 Protection level set to P
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (192,168,1,111,11,126)
Status: The server returned a non-routable address, replaced by the server address.
Command: LIST
Response: 425 Can't open data connection.
Error: Failed to retrieve directory listing


Just a few options checked in FileZilla Server:
SSL/TLS settings:
- Enable SSL/TLS Support
- Allow Explicit SSL/TLS on normal connections
- Force Explicit SSL/TLS

In the Passive Mode settings, I've tried the 3 solutions, using the DynDNS name & getting the external IP from FileZilla's default URL.

Edit:
A strange thing: Net2Ftp works (port 21, SSL checked) with active mode only.
Yikes, here it works using active mode too..

Another strange thing concerns the certificate.
Unit & organisation are displayed in a strange way, with something like:
#4E6F6C6DEB20496e666f726....

Any idea ?

Re: FTPS problem from Internet (non routable address)

Posted: 2008-03-31 00:45
by boco
Command: PASV
Response: 227 Entering Passive Mode (192,168,1,111,11,126)

Your problem does lie in the two lines above. The address your server returns to the client is a LAN IP, which is unroutable. You need to edit your Passive settings so the server returns your public IP instead. Use 'Retrieve the external IP from' for dynamic or 'Use the following IP' for static WAN IP.
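As an added example (editorial, not part of the thread and not FileZilla's own code): the Python below does what the client side of the log above does. It parses the RFC 959 "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply, decodes the data port as p1*256 + p2 (so (4,221) is port 1245 and (11,126) is port 2942), and applies the fallback behind the "non-routable address, replaced by the server address" status line: if the advertised address is private and differs from the address the control connection went to, connect to the control peer instead. The WAN address 203.0.113.10, the passive range and the function names are constructed for the example. Note the substitution only fixes the address, not the port: the data connection still goes to the advertised passive port, so the passive port range configured in the server must be forwarded as well as 21/990, which is one common reason a listing still ends in "425 Can't open data connection" after the address was replaced.

```python
import ipaddress
import re

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" as defined in RFC 959.
PASV_RE = re.compile(
    r"^227\b[^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Ranges a client should never try to reach across the Internet. Documentation
# ranges such as 203.0.113.0/24 are deliberately not listed so they can stand
# in for a public WAN address in the constructed sample below.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",      # loopback, link-local, "this"
)]


def parse_pasv(reply):
    """Decode a 227 reply into (ip, port); the port is p1 * 256 + p2."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    values = [int(x) for x in m.groups()]
    if any(v > 255 for v in values):
        raise ValueError("value out of range in 227 reply: %r" % reply)
    ip = ".".join(str(v) for v in values[:4])
    port = values[4] * 256 + values[5]
    if port == 0:
        raise ValueError("server advertised port 0: %r" % reply)
    return ip, port


def is_routable(ip):
    """True unless the address falls in a private, loopback or link-local range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NON_ROUTABLE)


def choose_data_endpoint(reply, control_peer_ip):
    """Client-side fallback seen in the log: if the server advertises a
    non-routable address that differs from the control connection's peer,
    connect to the control peer instead, keeping the advertised port.
    Returns (ip, port, replaced)."""
    ip, port = parse_pasv(reply)
    if ip == control_peer_ip or is_routable(ip):
        return ip, port, False
    return control_peer_ip, port, True


def ports_to_forward(passive_range, explicit=True, implicit=False):
    """TCP ports the router must forward for FTPS to work from outside: the
    control port(s) plus every port of the server's passive range. No UDP."""
    ports = set()
    if explicit:
        ports.add(21)      # AUTH TLS upgrade on the normal FTP port
    if implicit:
        ports.add(990)     # TLS from the first byte
    lo, hi = passive_range
    ports.update(range(lo, hi + 1))
    return sorted(ports)


if __name__ == "__main__":
    # Constructed sample: the two 227 replies from the thread, as seen by a
    # client whose control connection went to the (constructed) WAN address.
    wan = "203.0.113.10"
    for reply in ("227 Entering Passive Mode (192,168,1,111,4,221)",
                  "227 Entering Passive Mode (192,168,1,111,11,126)"):
        ip, port, replaced = choose_data_endpoint(reply, wan)
        print("%s -> data connection to %s:%d%s"
              % (reply, ip, port, " (address replaced)" if replaced else ""))
    # A client on the LAN uses the advertised address unchanged.
    print(choose_data_endpoint(
        "227 Entering Passive Mode (192,168,1,111,11,126)", "192.168.1.111"))
    # Constructed passive range; the real one is whatever the server is set to.
    print("forward TCP:", ports_to_forward((50000, 50010), explicit=True, implicit=True))
```

The address check is a fixed list of private ranges rather than `ipaddress`'s `is_private`, because the latter also flags the documentation ranges used as sample WAN addresses here; in production either works, as long as the client never connects a data socket to an RFC 1918 address it did not connect the control channel to.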