FTPS Explicit not working

biltong

2010-03-29 14:06:42

Hi,

I have setup FTPS Explicit access to my business NAS behind a Linksys WRT54GS router and using a DYNDNS domain. When I tested it, admittedly on my LAN,it worked fine but now I'm away from the office for 2 weeks and tried it, it does not work.

FTP works fine but obviously can't be used instead because it is insecure.

I think it is because I setup Port Fowarding on the router only for port 21, not knowing exactly what I was doing. I now realise that FTPS uses port 21 and port 22 and this is probably why it doesn't work via WAN.

I don't have remote access to my router so cannot change it.

I'm mainly concerned about encrypting the username and password when establishing the connection and not worried about encrypting file transfer. Is there any way I can configure SmartFTP to do this / any other way I can overcome this problem?

Thanks.

Here's my SmartFTP log:

[14:58:01] SmartFTP v4.0.1091.0
[14:58:01] Resolving host name "xxxxxxxxx.dyndns.xxx"
[14:58:01] Connecting to xx.7.19.xxx Port: 21
[14:58:01] Connected to xxxxxxxxx.dyndns.xxx.
[14:58:05] 220 NASFTPD Turbo station 2.x 1.3.1rc2 Server (ProFTPD) [192.168.1.xx]
[14:58:05] AUTH TLS
[14:58:06] 234 AUTH TLS successful
[14:58:06] Connected. Exchanging encryption keys...
[14:58:06] Key Exchange: 2048 bit RSA
[14:58:06] Session Cipher: 128 bit AES
[14:58:06] TLS 1.0 encrypted session established.
[14:58:06] Command channel protection set to Private.
[14:58:06] PBSZ 0
[14:58:06] 200 PBSZ 0 successful
[14:58:06] USER xxxxxxxx
[14:58:07] 331 Password required for xxxxxxxx
[14:58:07] PASS (hidden)
[14:58:07] 230 User xxxxxxxx logged in
[14:58:07] SYST
[14:58:07] 215 UNIX Type: L8
[14:58:07] Detected Server Type: UNIX
[14:58:07] RTT: 247.259 ms
[14:58:07] FEAT
[14:58:08] 211-Features:
[14:58:08] LANG en
[14:58:08] MDTM
[14:58:08] UTF8
[14:58:08] AUTH TLS
[14:58:08] PBSZ
[14:58:08] PROT
[14:58:08] REST STREAM
[14:58:08] SIZE
[14:58:08] 211 End
[14:58:08] OPTS UTF8 ON
[14:58:08] 451 Unable to accept OPTS UTF8
[14:58:08] Detected Server Software: ProFTPD
[14:58:08] PWD
[14:58:08] 257 "/" is the current directory
[14:58:08] TYPE A
[14:58:08] 200 Type set to A
[14:58:08] PROT P
[14:58:09] 200 Protection set to Private
[14:58:09] PASV
[14:58:09] 227 Entering Passive Mode (192,168,1,xx,218,94).
[14:58:09] Passive ip address returned from server different from server ip.
[14:58:09] Opening data connection to 192.168.1.xx Port: 55902
[14:58:09] LIST -aL
[14:58:30] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

2010-03-29 14:52:48

Go to the Favorite Properties. Then go to the FTP->Connection->SSL/TLS dialog and set the File Transfer option to "Clear".

biltong

2010-03-29 15:46:08

Go to the Favorite Properties. Then go to the FTP->Connection->SSL/TLS dialog and set the File Transfer option to "Clear".

This didn't work. The problem is that the server is returning a local ip address, which obviously the client can't see. This, I know, is a problem with my NAS server FTP settings, which I will have to resolve on return to the office but can't do anything about whilst away for 2 weeks.

So I was wondering whether there was another protocal/setup along the lines of FTP but which secures the transmission of username and password......

2010-03-29 18:43:40

If you think this is the problem, go to the Favorite Properties. Then go to the FTP->Connection dialog and set the Force Passive IP option to enable.

biltong

2010-03-30 14:45:21

If you think this is the problem, go to the Favorite Properties. Then go to the FTP->Connection dialog and set the Force Passive IP option to enable.

Almost there I think however the server is returning a port number that I think the router doesn't allow. Is there any way I can force the data connection onto port 21? Here's my log:

[15:29:02] SmartFTP v4.0.1091.0
[15:29:02] Resolving host name "xxxxxxxxxxx.dyndns.xxx"
[15:29:02] Connecting to 80.7.19.xxx Port: 21
[15:29:02] Connected to xxxxxxxxxxx.dyndns.xxx.
[15:29:03] 220 NASFTPD Turbo station 2.x 1.3.1rc2 Server (ProFTPD) [192.168.1.xx]
[15:29:03] AUTH TLS
[15:29:03] 234 AUTH TLS successful
[15:29:03] Connected. Exchanging encryption keys...
[15:29:03] Key Exchange: 2048 bit RSA
[15:29:03] Session Cipher: 128 bit AES
[15:29:03] TLS 1.0 encrypted session established.
[15:29:03] Command channel protection set to Private.
[15:29:03] PBSZ 0
[15:29:04] 200 PBSZ 0 successful
[15:29:04] USER xxxxxxxx
[15:29:04] 331 Password required for xxxxxxxx
[15:29:04] PASS (hidden)
[15:29:05] 230 User xxxxxxxx logged in
[15:29:05] SYST
[15:29:05] 215 UNIX Type: L8
[15:29:05] Detected Server Type: UNIX
[15:29:05] RTT: 206.863 ms
[15:29:05] FEAT
[15:29:05] 211-Features:
[15:29:05] LANG en
[15:29:05] MDTM
[15:29:05] UTF8
[15:29:05] AUTH TLS
[15:29:05] PBSZ
[15:29:05] PROT
[15:29:05] REST STREAM
[15:29:05] SIZE
[15:29:05] 211 End
[15:29:05] OPTS UTF8 ON
[15:29:05] 451 Unable to accept OPTS UTF8
[15:29:05] Detected Server Software: ProFTPD
[15:29:05] PWD
[15:29:06] 257 "/" is the current directory
[15:29:06] TYPE A
[15:29:06] 200 Type set to A
[15:29:06] PROT C
[15:29:06] 200 Protection set to Clear
[15:29:06] PASV
[15:29:06] 227 Entering Passive Mode (192,168,1,xx,217,226).
[15:29:06] Passive ip address returned from server different from server ip.
[15:29:06] Replacing received PASV address 192.168.1.xx by server address 80.7.19.xxx.
[15:29:06] Opening data connection to 80.7.19.xxx Port: 55778
[15:29:06] LIST -aL
[15:29:27] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
[15:30:27] Timeout (60s).

2010-03-30 16:48:19

Go to the Favorite Properties. Then to the FTP->Connection->SSL/TLS page and set the control connection to Clear. As a result SmartFTP sends a CCC command after the login.