FTP through managed firewall. slightly different question

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
Cynyster

FTP through managed firewall. slightly different question

#1 Post by Cynyster » 2019-08-15 11:12

I am attempting to connect to my FileZillaServer which I have set up properly for FTPS with a generated certificate and all appropriate ports forwarded through my home firewall (21,990, 30000-30100) and everything works fine as long as my remote computer has unrestricted access to the internet.

I find myself working at a location that has a managed firewall and I am unable to download the directory structure.
Filezilla completes the handshake but cannot seem to retrieve the directory listing.

Status: Connecting to XX.XX.XX.XX:21...
Status: Connection established, waiting for welcome message...
Status: Plain FTP is insecure. Please switch to FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Status: Directory listing of "/" successful
Status: Disconnected from server
Status: Resolving address of
Status: Connecting to XX.XX.XX.XX:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (XX,XX,XX,XX,XX,XX)
Command: MLSD
Response: 425 Can't open data connection for transfer of "/"
Error: Failed to retrieve directory listing
Status: Disconnected from server


Needless to say I need to have a talk with the firewall management company.
Do I need to tell them that they need to allow ports 21 & 990
or do they need to open up the 30000-30100 as well?

Thanks for the help

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: FTP through managed firewall. slightly different question

#2 Post by botg » 2019-08-16 07:00

Yes, for the data connections to work the client needs to be allowed to connect to whatever port the server desires. Since the port is assigned server-side, it's best to just allow the clients to connect to all ports in the range 1-65535.

Cynyster

Re: FTP through managed firewall. slightly different question

#3 Post by Cynyster » 2019-08-16 08:15

Thanks you for the reply.

Somehow I have a feeling that the firewall management company are going to Freak at opening up all the ports.

Even though I take issue with the philosophy that opening all outgoing ports is a security risk, the firewall management companies tend to operate on the idea that only about 10 ports should be necessary. :lol:

Since my filezilla server is constrained to 30000-30100 I will have them open that range as well.


Thank you again for your reply.

Cheers

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: FTP through managed firewall. slightly different question

#4 Post by boco » 2019-08-16 08:54

Oh, I guess even only mentioning FTP will already be enough to drive them up into the treetops...
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

Post Reply