TLS Failing to Initialize over FTP - FileZilla to FreeNAS

Status
Not open for further replies.

Spencer Skinner

Contributor
Joined
Dec 22, 2016
Messages
179
So I am trying to connect to my NAS from outside my network. All the ports and all that are open to my knowledge, and here is what I get via FileZilla -

Code:
Status:	Connecting to [IP REMOVED]
Status:	Connection established, waiting for welcome message...
Error:	Connection timed out after 20 seconds of inactivity
Error:	Could not connect to server
Status:	Waiting to retry...
Status:	Connecting to [IP REMOVED]
Status:	Connection established, waiting for welcome message...
Response:	220 ProFTPD 1.3.5a Server (freenas.local FTP Server) [::ffff:192.168.2.4]
Command:	AUTH TLS
Response:	234 AUTH TLS successful
Status:	Initializing TLS...
Error:	Connection timed out after 20 seconds of inactivity
Error:	Could not connect to server


Here are my settings in FreeNAS -

[Attached screenshots: 2.PNG, 3.PNG, 1.PNG]

Bear in mind as well that FTP works within my network, just not outside. Not sure what I've done wrong here tbh

FreeNAS 9.10.2

Thanks guys
 

m0nkey_

MVP
Joined
Oct 27, 2015
Messages
2,739
You need to do a couple of things: allow Established and Related connections through your firewall, and also open up data ports to transfer data. FTP doesn't solely work on port 21. You need to set your minimum and maximum passive ports and NAT them also to your FTP server.
 

Spencer Skinner

> You need to do a couple of things: allow Established and Related connections through your firewall, and also open up data ports to transfer data. FTP doesn't solely work on port 21. You need to set your minimum and maximum passive ports and NAT them also to your FTP server.


I've already set the port range as 20:21, got no luck there.

I also did have a little go with activating DMZ on the modem through to the router through to the server, allowing full open access to the server's ports, still no luck.

As for NAT, it's just a bunch of enable/disable boxes on my router (ASUS RT-AC66U), so my best guess is it's automatic.

As for the established and related connections bit, I'm not sure how I have to go about doing that, to be honest.

Thanks
 

Spencer Skinner

I've also been looking around. I'm not sure what other ports I should have open besides 20 and 21; I've seen port 990 for TLS and also port 88. Not sure what to make of any of it.
 

Spencer Skinner

Bump

I've still not made any progress with this, I've got no idea as to what the issue is. Anyone able to help me?

I assume I just need to open all of the proper ports for Passive TLS FTP, but I don't know the correct ports.

Thanks
 

m0nkey_

This is all covered in the documentation. You need to specify the minimum and maximum passive ports and forward them on your router.
 

Spencer Skinner

I re-read the FreeNAS docs and then read up some other docs, set up the passive ports properly and the command ports.

Now I'm getting a new error from the server:

Code:
Status:	Connecting to [IP REMOVED]
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Logged in
Status:	Retrieving directory listing...
Status:	Server sent passive reply with unroutable address. Using server address instead.
Command:	MLSD
Error:	The data connection could not be established: ECONNREFUSED - Connection refused by server
Error:	Connection timed out after 20 seconds of inactivity
Error:	Failed to retrieve directory listing
Status:	Disconnected from server
Status:	Connecting to [IP REMOVED]
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Logged in
Status:	Retrieving directory listing...
Status:	Server sent passive reply with unroutable address. Using server address instead.
Command:	MLSD
Error:	The data connection could not be established: ECONNREFUSED - Connection refused by server
 

Spencer Skinner

Got a different error when I changed the masquerade address to my own IP. I get the feeling this is a NAT-based issue.

Code:
Status:	Connecting to[IP REMOVED]
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is the current directory
Command:	TYPE I
Response:	200 Type set to I
Command:	PASV
Response:	227 Entering Passive Mode ([IP REMOVED],4,147).
Command:	MLSD
Error:	The data connection could not be established: ECONNREFUSED - Connection refused by server
Error:	Connection timed out after 20 seconds of inactivity
Error:	Failed to retrieve directory listing
 

Spencer Skinner

In addition, I've just been checking: I am still able to connect using the local IP, so TLS is fully functional. If I use the external IP from within the network it chucks the same error. And if I connect from an entirely new network it chucks the same error. I've changed the passive ports again to a set of ports within the 5000-6000 range, which I've seen recommended a lot online. But still no success.

My router - ASUS RT-AC66U
My Modem - TP-Link TD8817

Anything specific with those two that I should be aware of?
 

Spencer Skinner

Also if possible can a Mod change this to the "network" Category, that seems more appropriate, right?
 

Spencer Skinner

Right, after many more hours of work I've worked out the issue, for anyone else that has this issue.

The issue is the target port on the ASUS WRT port forwarding for the router: for the passive port range, leave the target port (Local port) blank. Makes sense due to the nature of FreeNAS and the way passive FTP works. Just make sure the target port on the ASUS router is left blank and it should work.

The other thing I did was enable DDNS and set up a host name. I then made the masquerade address on the FTP config that hostname. This fixed the NAT issues I was having.

That should all be fine and all, hopefully.
 