FTPS (TLS)

Status
Not open for further replies.
Messages
75
Reaction score
0
Points
6
I have been trying to connect to my FTP server using FileZilla in TLS (implicit) mode, and am unable to connect. The logs are as follows:
Status: Selected port usually in use by a different protocol.
Status: Resolving address of thecanadiansandbox.tk
Status: Connecting to 69.175.120.122:21...
Status: Connection established, initializing TLS...
Error: Connection timed out
Error: Could not connect to server

The settings are as follows:
Host: my site
Port: 21
Server type: FTPS - FTP over implicit TLS/SSL
Logon type: Normal

Can someone please help me get connected using TLS or SSL encryption?
 

stpvoice

Community Support Rep
Community Support
Hello,

You need to use FTPES (explicit TLS/SSL).
 
Messages
75
Reaction score
0
Points
6
I tried that change and this is what I get:

Code:
Status:	Resolving address of thecanadiansandbox.x10.mx
Status:	Connecting to 69.175.120.122:21...
Status:	Connection established, waiting for welcome message...
Response:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:	220-You are user number 4 of 75 allowed.
Response:	220-Local time is now 12:05. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220-IPv6 connections are also welcome on this server.
Response:	220 You will be disconnected after 2 minutes of inactivity.
Command:	AUTH TLS
Response:	234 AUTH TLS OK.
Status:	Initializing TLS...
Status:	Verifying certificate...
Command:	USER ********
Status:	TLS/SSL connection established.
Response:	331 User ******** OK. Password required
Command:	PASS ****************
Response:	230 OK. Current restricted directory is /
Command:	SYST
Response:	215 UNIX Type: L8
Command:	FEAT
Response:	211-Extensions supported:
Response:	 EPRT
Response:	 IDLE
Response:	 MDTM
Response:	 SIZE
Response:	 REST STREAM
Response:	 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:	 MLSD
Response:	 AUTH TLS
Response:	 PBSZ
Response:	 PROT
Response:	 ESTA
Response:	 PASV
Response:	 EPSV
Response:	 SPSV
Response:	 ESTP
Response:	211 End.
Command:	PBSZ 0
Response:	200 PBSZ=0
Command:	PROT P
Response:	200 Data protection level set to "private"
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is your current location
Command:	TYPE I
Response:	200 TYPE is now 8-bit binary
Command:	PASV
Response:	227 Entering Passive Mode (69,175,120,122,167,74)
Command:	MLSD
Error:	Connection timed out
Error:	Failed to retrieve directory listing


---------- Post added at 05:10 PM ---------- Previous post was at 05:07 PM ----------

The second time I made an attempt, without changing anything from the previous one, I get this:

Code:
13:08:26    Status:    Resolving address of thecanadiansandbox.x10.mx
13:08:26    Status:    Connecting to 69.175.120.122:21...
13:08:26    Status:    Connection established, waiting for welcome message...
13:08:26    Response:    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
13:08:26    Response:    220-You are user number 8 of 75 allowed.
13:08:26    Response:    220-Local time is now 12:08. Server port: 21.
13:08:26    Response:    220-This is a private system - No anonymous login
13:08:26    Response:    220-IPv6 connections are also welcome on this server.
13:08:26    Response:    220 You will be disconnected after 2 minutes of inactivity.
13:08:26    Command:    AUTH TLS
13:08:26    Response:    234 AUTH TLS OK.
13:08:26    Status:    Initializing TLS...
13:08:26    Status:    Verifying certificate...
13:08:26    Command:    USER ********
13:08:26    Status:    TLS/SSL connection established.
13:08:26    Response:    331 User ******** OK. Password required
13:08:26    Command:    PASS ****************
13:08:26    Response:    230 OK. Current restricted directory is /
13:08:26    Command:    PBSZ 0
13:08:26    Response:    200 PBSZ=0
13:08:26    Command:    PROT P
13:08:26    Response:    200 Data protection level set to "private"
13:08:26    Status:    Connected
13:08:26    Status:    Retrieving directory listing...
13:08:26    Command:    PWD
13:08:27    Response:    257 "/" is your current location
13:08:27    Command:    TYPE I
13:08:27    Response:    200 TYPE is now 8-bit binary
13:08:27    Command:    PASV
13:08:27    Response:    227 Entering Passive Mode (69,175,120,122,222,23)
13:08:27    Command:    MLSD
13:08:47    Error:    GnuTLS error -53: Error in the push function.
 

stpvoice

Community Support Rep
Community Support
Hello,

Okay. Explicit is the only one that's ever worked for me.
 

misson

Community Paragon
Community Support
We need someone with knowledge of the server setup & config to weigh in. Encrypted FTP connections are problematic for firewalls and NATs, as they can't snoop on PORT commands and PASV command responses, which they need to do to figure out which ports to open and forward. It could be that adding the appropriate config option for passive ports to the FTP server and similar for the firewall (allowing incoming TCP from port 20 to the FTP passive ports) would resolve the issue, but as this opens the firewall too much, we may not see this implemented.

Alternatively, you may be able to configure your router to support active mode, at which point you should be able to use TLS. Check your router documentation to see if it supports port triggering, which lets you dynamically open & forward incoming ports, based on outgoing connections. If the manufacturer's firmware doesn't support triggering, you may be able to install an open source firmware (such as DD-WRT) that does. Simply add a trigger to open & forward port 20 when an outgoing connection opens port 21. The router may even have a built-in rule for this (look for an FTP trigger).

Port triggering could also be used on the server to support encryption in passive mode. It's not likely supported by the firewall (iptables, I believe) by itself, but can be implemented using multiple software packages.
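The FTPES logs posted above already show which channel fails. As an added example that is not part of the original thread, the Python below decodes the 227 reply into the passive data port and reports whether the session broke on the control or the data channel. The function names and result keys are this example's own; the sample lines are an excerpt of the log in this thread. Since AUTH TLS hides the 227 reply from a firewall or NAT, the decoded port has to fall within a range the firewall already permits.

```python
import re

# Excerpt of the FTPES log posted earlier in this thread (whitespace normalized).
SAMPLE_LOG = """\
Status: Connecting to 69.175.120.122:21...
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Command: PROT P
Response: 200 Data protection level set to "private"
Command: PASV
Response: 227 Entering Passive Mode (69,175,120,122,167,74)
Command: MLSD
Error: Connection timed out
"""

PASV_RE = re.compile(r"\b227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
TIMESTAMP_RE = re.compile(r"^\d\d:\d\d:\d\d\s+")

def pasv_endpoint(line):
    """Decode a 227 reply (h1,h2,h3,h4,p1,p2) into (ip, port), or None."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def diagnose(log_text):
    """Summarize what the server accepted and which channel failed."""
    state = {"auth_tls_ok": False, "prot_p_ok": False,
             "data_endpoint": None, "failed_channel": None}
    last_command = ""
    for raw in log_text.splitlines():
        line = TIMESTAMP_RE.sub("", raw.strip())  # optional HH:MM:SS prefix
        kind, _, text = line.partition(":")
        text = text.strip()
        if kind == "Command":
            last_command = text
        elif kind == "Response" and text.startswith("234"):
            state["auth_tls_ok"] = True           # server accepted AUTH TLS
        elif kind == "Response" and text.startswith("200") and last_command == "PROT P":
            state["prot_p_ok"] = True             # data channel set to private
        elif kind == "Response" and text.startswith("227"):
            state["data_endpoint"] = pasv_endpoint(text)
        elif kind == "Error" and state["failed_channel"] is None:
            # An error after a 227 reply means the data connection never opened.
            state["failed_channel"] = "data" if state["data_endpoint"] else "control"
    return state
```

For the first FTPES log this reports a data-channel failure towards port 42826, after the TLS negotiation on port 21 had already succeeded.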
 

Skizzerz

Contributors
Staff member
Contributors
Hello,

I think there might currently be an issue with FTP over TLS on starka. I am going to notify the admins and reply back when I hear something.
 

Skizzerz

Contributors
Staff member
Contributors
Hello,

FTP over Explicit SSL/TLS should be fixed now (implicit still does not work).
 
Messages
75
Reaction score
0
Points
6
I am still getting the same problems. Could one of you make a tutorial for how to get connected using SSL/TLS from my free hosting account using FileZilla?
 