FTP over TLS problems

Fireblade69
New here
Posts: 7
Joined: Fri Apr 29, 2016 1:08 pm

Post by Fireblade69 »

I'm really having difficulties connecting ftp over tls and would really appreciate some assistance. I have trawled numerous websites but still cannot get the connection to work.

I use FileZilla and can connect remotely using plain ftp connections without any issues whatsoever but for some reason just cannot get any connection over tls. I have ftp with SSL/TLS (explicit) ticked on the QNAP and port forwarded 20, 21 on the router to the internal ip address of the QNAP. The port identified on the QNAP is 21.

When connecting using FileZilla, I get the following:

Status: Resolving address of xx.dyndns.org
Status: Connecting to xxx.xxx.xxx.xxx:21... (this is the correct external ip address - checked)
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server address instead.


Can someone tell me where I'm going wrong?

Many thanks
schumaku
Guru
Posts: 43578
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku

Re: FTP over TLS problems

Post by schumaku »

Fireblade69 wrote: I have ftp with SSL/TLS (explicit) ticked on the QNAP and port forwarded 20, 21 on the router to the internal ip address of the QNAP. The port identified on the QNAP is 21.
Neither a NAS nor an FTP over TLS (ftps) issue.

Why port 20? Not required - you can't run active ftp over a NATed connection anyway.

But then, you need 21/TCP for the ftp control connection plus the complete FTP passive port range configured on the NAS manually forwarded on the NAS, too.

You might ask why plain FTP does work, while FTPS does not? Simple: Your NAT router might have what is named an FTP-ALG (application layer gateway), listening on the FTP control channel (port 21) communication, and automatically opening/NAT forwarding the ftp data port negotiated. This does not work with FTPS because the FTP control channel communication is encrypted.

Regards,
-Kurt.
DLeigh
New here
Posts: 2
Joined: Fri Aug 05, 2016 12:41 pm

Re: FTP over TLS problems

Post by DLeigh »

If you are behind a firewall and NAT'ing the connection, the QNAP is replying with its private address, hence "Server sent passive reply with unroutable address. Using server address instead."

To fix: QNAP > FTP > Advanced Tab > check the box that says 'Respond with external IP address for passive FTP connection request'. If you have a static IP (i.e. Public Static IP - something that is routable) configure it in the box, if you don't have a static IP leave the box empty.

I also use a "define port range" for passive connections, and NAT these as well.
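
The check behind the "unroutable address" message, as an added example that is not part of the original thread: it decodes a PASV reply and reports whether the advertised address is private and whether the advertised data port falls inside the range forwarded on the router. The sample replies, the external address 203.0.113.10 and the passive range 55536-56559 are constructed assumptions.

```python
import ipaddress
import re

# Ranges a remote client cannot reach: RFC 1918, loopback, link-local.
UNROUTABLE = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Decode '227 ... (h1,h2,h3,h4,p1,p2)' into (IPv4Address, port)."""
    match = PASV_RE.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a PASV reply: %r" % reply)
    nums = [int(g) for g in match.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    # The data port is sent as two bytes: high byte p1, low byte p2.
    return host, nums[4] * 256 + nums[5]


def diagnose(reply, external_ip, forwarded_ports):
    """Return a list of findings for one PASV reply (empty list = OK)."""
    host, port = parse_pasv(reply)
    findings = []
    if any(host in net for net in UNROUTABLE):
        findings.append("unroutable-address")   # server advertised its LAN IP
    elif host != ipaddress.IPv4Address(external_ip):
        findings.append("address-mismatch")     # stale or wrong external IP
    low, high = forwarded_ports
    if not low <= port <= high:
        findings.append("port-not-forwarded")   # data port outside NAT rules
    return findings


if __name__ == "__main__":
    # Constructed sample replies; 203.0.113.10 is a documentation address
    # standing in for the router's external IP, and 55536-56559 is an
    # assumed passive range forwarded on the router.
    samples = [
        "227 Entering Passive Mode (192,168,1,50,217,0)",
        "227 Entering Passive Mode (203,0,113,10,217,0)",
        "227 Entering Passive Mode (203,0,113,10,4,1)",
    ]
    for line in samples:
        print(line, "->", diagnose(line, "203.0.113.10", (55536, 56559)) or "ok")
```

Against a live server the reply string can be obtained after login with `ftplib.FTP_TLS(...).sendcmd("PASV")`, which returns the raw 227 line as the client sees it inside the encrypted control channel.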