Secure ftp

Post Reply
Posts: 160
Joined: Fri Apr 08, 2011 9:59 am

Secure ftp

Post by Driminicus » Thu Nov 03, 2011 12:38 pm

I've been trying to configure vsftpd to be able to use ftps, using this guide.
after following the steps (only for the set up that the HMNHD has, different location for configuration files etc) I've been able to get it working on my home network. However, I can't seem to log on using ftps remotely, but plain ftp works. I've only forwarded port 21 in my router to the network drive.
What am I doing wrong?

Posts: 6226
Joined: Mon Jun 16, 2008 10:45 am

Re: Secure ftp

Post by Mijzelf » Thu Nov 03, 2011 4:27 pm

From Wikipedia:
Because FTP utilizes a dynamic secondary port (for data channels), many firewalls were designed to snoop FTP protocol control messages in order to determine what secondary data connections they need to allow. However, if the FTP control connection is encrypted using TLS/SSL, the firewall cannot determine the TCP port number of a data connection negotiated between the client and FTP server.

Therefore, in many firewalled networks, an FTPS deployment will fail when an unencrypted FTP deployment will work, but this problem can be solved with the use of a limited range of ports for data and configuring the firewall to open these ports.
Obviously your router is smart enough to recognize the FTP protocol, and forward the dataports (as specified in the control data) when needed, but is fails when the control data is encrypted.
So you'll have to specify a range of data ports, and forward them too.

Post Reply