• November 01, 2024, 03:38:55 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: FTP TLS/SSL Mode  (Read 7491 times)

pittnuma

  • Level 3 Member
  • ***
  • Posts: 107
    • Yorkshire Gliding Club
FTP TLS/SSL Mode
« on: August 22, 2014, 06:40:28 AM »

Hi.

I am trying to figure out how to set my FTP as TLS/SSL sign on only.

only trouble is when connecting to the server the server responds with an encrypted data channel. Since it's encrypted and you have no way of knowing what port it's coming in on, the firewall has no way of dynamically opening the port and just assumes it's an unknown attempt to communicate from the outside.

This means I can't seem to set TLD and only unencrypted.

I've got PF on port 443, anything else I am missing?
Logged
Learn from the mistakes of others. You won't live long enough to make all of them yourself.

batteryworm

  • Level 1 Member
  • *
  • Posts: 3
Re: FTP TLS/SSL Mode
« Reply #1 on: August 11, 2016, 09:33:11 AM »

Hi,

I am not sure if this will solve your problem. I struggled over the weekend with many trial and error to get this. My config is as follows:
DNS-320 Sharecentre with Firmware Rev 2.00 Firmware date: Dec 17 2010.
It has internal LAN IP addr 192.168.1.100

1. For the DNS-320, after logging in as admin,
Under Management - Application Management - FTP server, use the following settings and selections:
Max Users 10
Idle Time 5
Port 3688 {you can also select anything between 1025 to 3688; just don't select the default 21 - it won't work}
Passive mode - use the default port range (55536~55663)
 - do not select Report External IP in PASV mode
     External IP: x.x.x.x {leave this blank}
Client language: ISO8859-1 << Western European (ISO8859-1)
Flow Control Unlimited
SSL/TLS Select Allow SSL/TLS connection only
FXP Disable

Note*: Alternatively if you have a static external IP address that does not change, you can select Report External IP in PASV mode and then enter the publicly addressable IP address in the next line (you can find out what that is using your browser and key in canyouseeme.org)

2. On your router, depending on the make and model, you have to find the NAT - virtual server menu or some other routers call it the port-forwarding menu.

Add the following entries:
a) External port 3688; Server IP {enter your internal FTP server IP address eg. 192.168.1.100}; Internet port 3688. Protocol: TCP.
b) External port 55536-55663; Server IP {enter the same FTP server internal IP addr 192.168.1.100}; Internal port 55536-55663 (same as external port); Protocol TCP.

3. On the client end from the Internet (I use Filezilla on my laptop and tether to my handphone 4G network), select the following:
Host IP : Public IP address of your router (you can check this by using canyouseeme.org on your browser from your home network); Alternatively if you already have DDNS setup, then just type in your hostname.domain as per your DDNS instead of numeric IP address.
Port: 3688
Protocol: FTP
Encryption: Use Explicit FTP over TLS
Logon type: Normal
Username:{username to the FTP server}
Password: {password to the FTP server}
The rest of the settings should be able to leave it as default or auto.

The Filezillan client may complaint for every transactions that "server sent PASV reply with unroutable address. Using server address instead". That's fine because the FTP server will send passive mode information with its LAN address such as 192.168.1.100 which is not reachable by your client in the internet. So the client will fallback to the external public IP address and still can continue the transaction. If you select the Report External IP in PASV mode, then you don't get these annoying warning message in each transaction.

Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: FTP TLS/SSL Mode
« Reply #2 on: August 11, 2016, 10:28:46 AM »

Thank you for posting. Hope it helps future users.  ;)
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

sbrbot

  • Level 2 Member
  • **
  • Posts: 75
Re: FTP TLS/SSL Mode
« Reply #3 on: August 17, 2016, 06:02:25 AM »

Just hint, a FTP usually use port 22 for data transfer and port 21 fro data control, for FTP over TLS/SSl usually ports 989 and 990 are used.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: FTP TLS/SSL Mode
« Reply #4 on: August 17, 2016, 06:34:01 AM »

Thanks for the additional info.  ;)
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.