SOLVED FTP with TLS over internet -use ssh

[shadow-r]

Terve!
I will be honest to say that this is my first post on this forum. So pleas tell me if my post is unusable and why.
Currently I have a NAS setup that uses Port 21 with FTP. I can connect to that share without problems. But if I would like to use the internet it gets a little more complicated.
I read that TLS uses port 88 (not 100% sure anymore). That is why I routed this port to port 21 on the server.
I also read that the Technicolor 7200 router I use requires an other port (like 990) to be forwarded.
I have achieved the get the same "Econrefused" Error I had with the standard FTP share (inside the same network) for a long time.
But this is the point I decided to ask instead of wrecking the security of our home network.
Thank you already for the support.
Sayonara!
P.S. I don't think that you need more Hard-/Softwareinfo. But if you do, please let me know

 

[Robert Trevellyan]

Is there a reason you don't want to use SFTP? It's so much simpler.

 

[shadow-r]

Terve!
Because I am a nOOb I guess.
A quick google search and 5 minutes of work has solved the problem.
I used the TLS encryption because that was in the FTP Service Option to click.
Thank you for that very easy solution.
Sayonara!

 

[Robert Trevellyan]

Once you discover SFTP, you'll never want to use FTP again.

You should consider using a non-standard port number for your external access, assuming you don't use a VPN.

 

[shadow-r]

Terve!
I'm not sure why you recommand doing this.
From what I have read the data is encrypted anyways, so where is the reason to use an other port?
P.S. I am not trying to doubt you (it might look a lot like that though), I simply do not know.
Sayonara!

 

[danb35]

The non-standard port is to reduce attacks on SSH from outside. Note that this will reduce attacks, not eliminate them. Many attackers just probe on standard ports, but others will portscan you and try any ports they find open. You'll still want to make sure you have a secure passphrase set up (or better yet, use public key authentication and disable passwords altogether).

I'm personally not a fan of using non-standard ports, but there can be a place for them.

 

[Robert Trevellyan]

My experience is based on running a VPS on backupsy for a couple of months. With SSH on port 22, auth.log showed multiple attacks every minute of every day. When I moved SSH to a non-standard port, auth.log went completely quiet.

 

[shadow-r]

Terve!
I will move the port then.
I don't think that those attacks will achieve a lot, but better be safe than sorry.
Thank you again for the support .
Sayonara!

 

[Robert Trevellyan]

I don't think that those attacks will achieve a lot

Even unsuccessful attacks place a load on your system (in this case, your modem, I assume).

 

[shadow-r]

Terve!
I did not think about that. Thank you for letting me know.
Sayonara!