D-Link Forums

The Graveyard - Products No Longer Supported => D-Link Storage => DNS-323 => Topic started by: jrbilodeau on December 31, 2008, 07:28:23 AM

Title: How to use FTP over SSL/TLS
Post by: jrbilodeau on December 31, 2008, 07:28:23 AM
Hey i just upgraded to fw 1.06 and was just wondering how to use FTP over SSL/TLS. i'm using FileZilla and if i pick  "servertype: FTPS - FTP over implicit TLS/SSL" it wont connect, but if i pick regular ftp it works.

also is there a way to for the dns 323 to only work with ftps so that unsecure connections cant be made to it. thanks
Title: Re: How to use FTP over SSL/TLS
Post by: zehninguem on December 31, 2008, 09:22:16 AM
Same question here.....
Title: Re: How to use FTP over SSL/TLS
Post by: Tank_Killer on December 31, 2008, 10:00:57 AM
I dont see any option in the gui for SSL, I as well am wondering how to enable this feature.

thank you.
Title: Re: How to use FTP over SSL/TLS
Post by: jrbilodeau on December 31, 2008, 10:06:53 AM
Ok so i think i might have figured it out. in FileZilla ftp client it works if i select "servertype: FTPES - FTP over explicit TLS/SSL". the it asks if you wish to accept the certificate.

problem that i see with this is that it leaves the security up to the client and not the server. if you get a user that decides not to use ftpes then it sends username and password in clear text over the net, then someone can gain acces to your nas. but if it were possible to specify from the nas to only accept FTPES it would be more secure.
Title: Re: How to use FTP over SSL/TLS
Post by: D-Link Multimedia on December 31, 2008, 10:13:21 AM
New documentation (manual) hasn't been posted yet but we are working on a FAQ for this exact thing. Also we have no plans to disable regular Non-SSL FTP. We leave it up the client (you or however you configure it for your users) to select to use SSL or not.
Title: Re: How to use FTP over SSL/TLS
Post by: zehninguem on December 31, 2008, 10:30:03 AM
Sorry to tell this but we have no plans to give an option to disable non ssl ftp seems a lame answer.
Security should always comes from the server side. The main idea of an ssl ftp is to not have the weaker ftp open to the web.

Just my 5 cents
Title: Re: How to use FTP over SSL/TLS
Post by: jrbilodeau on December 31, 2008, 11:08:31 AM
i totaly agree, there should be an option to select or disable regular ftp on the server side
Title: Re: How to use FTP over SSL/TLS
Post by: mcduarte2000 on December 31, 2008, 01:06:50 PM
I agree. It would be a very important feature to be able to force users to use SSL/TLS. Only that way I would accept to give access to my home server to other users.
Title: Re: How to use FTP over SSL/TLS
Post by: zehninguem on January 03, 2009, 11:07:56 AM
No news from DLINK except for the lame answer?

I'm starting to think that the best way to solve all 323 limitations and buggy firmwares is eBay ;)

FTP server with no log, no way to know who is logged and no way to go only ssl ...
AV UPnP not 100% DLNA ...
Printer server that stops to work every two new versions of firmware ...
Very limited BT client (e.g. can not choose individual files) ...

Good idea weak implementation
Title: Re: How to use FTP over SSL/TLS
Post by: MountainMan on January 03, 2009, 11:29:39 PM
This seems like a very good feature request for 1.07.  I suggest you add a constructive post in the 1.07 feature wish list asking for forced SSL (ie block non SSL log-ins) as a selectable option.  Also give clear reasons why it is important and any specific ideas about how it should be implemented to make sure it is useful and doesn't fail to address this security concern.

The computer industry is full of products and companies with essentially zero post-sales support, even to fix serious bugs.  The fact that D-Link is continuing to actively support this product to fix bugs, add enhancements, and even read/respond to this forum, is excellent.  This alone earns my patience and some customer loyalty as they continue to improve the product.  I encourage you to consider this as well.
Title: Re: How to use FTP over SSL/TLS
Post by: zehninguem on January 04, 2009, 08:23:31 AM
Dear MountainMan

I agree with you but these points were part of my wish list for 1.05, and 1.06.
What bugged me was the answer from DLINk that we will not do that since allowing to disable simple FTP (FTP without ssl) would increase security. I'm a project manager in IT for more than 20 years and security must always come from server side and not count on client side.
Talking about the AV UPnP if it is not recognized by WMP11 as a server the most used mediaclient something is wrong, do I need more justification than that.
Again I had put all these points on the old wish lists and I really tis that this time the "we will not do" answer for the FTP ssl point was a lame one.

Cheers and happy new year
Title: Re: How to use FTP over SSL/TLS
Post by: madpenguin on January 04, 2009, 10:35:00 PM
I agree. There should be an option to disable vanilla FTP in favor of TLS/SSL. I'm not holding my breath tho so thats why I'm in the middle of implementing sftp (ssh) in chroot (funplug). Once up and running, kill port 21 and forget about it.

This is linux folks. Quit *****ing about it and do it yourself. Besides, TLS/SSL is still fairly weak security wise.
Title: Re: How to use FTP over SSL/TLS
Post by: jrbilodeau on January 05, 2009, 05:56:01 AM
ftpes doesn`t seem to work unless your on your local network. right now im at work and it logs in with ftpes but stops at the list command. whats up with this.
Title: Re: How to use FTP over SSL/TLS
Post by: bripab007 on January 05, 2009, 12:19:46 PM
Yes, I'm SFTP typically runs on a port other than the commonly-used 21 for regular FTP, hence why you're seeing it work on the local network, behind your firewall, but not outside it.

We don't know which port, though, as D-Link hasn't told us.  Guess we could use a network traffic analyzer program...
Title: Re: How to use FTP over SSL/TLS
Post by: D-Link Multimedia on January 05, 2009, 12:49:32 PM
Dear MountainMan

What bugged me was the answer from DLINk that we will not do that since allowing to disable simple FTP (FTP without ssl) would increase security.

Where did I say that we absolutely will not do anything in my post? I simply stated at this time there are no plans to make those changes. As you as a Project Manager should know, plans do not always go according to...well...plans. You also have to remember the little guys/gals out there who don't care about the security or or only access it via their internal LAN. The only ones complaining are those who access it outside of their LAN which is beyond what most consumers do already.

There is no reason to start a flame over something as simple as requesting the change in 1.07 requests thread. I started that thread for the sole reason of your constructive feedback and if you feel that we should implement something differently than we have done in the past then by all means make mention of it and we will consider it and its impact as a WHOLE.
Title: Re: How to use FTP over SSL/TLS
Post by: Banshee1971 on January 05, 2009, 04:30:32 PM
i totaly agree, there should be an option to select or disable regular ftp on the server side
Yes... but for now, the easy solution are by the Router ! ... Port-Forward to the NAS only the SSL port ... All other disabled.
Title: Re: How to use FTP over SSL/TLS
Post by: zehninguem on January 06, 2009, 06:43:11 PM
Hi,

Just to give a closure, I'll blame communication. Maybe if DLink had adde [at version 1.06] ... "Also we have no plans to disable regular Non-SSL FTP [at version 1.06]". But, I also could have requested clarification.

Also, I agree with MountainMan that DLink is doing a better job answering our requests than most companies ... but that should but the rule and not the exception in my point of view ...

And, the router forwarding only port 22 is a solution that is not full but fit for us that are interested in more security from the WAN and can not afford having grandmas using ssh clients.

Requests going to 1.07 list

Cheers
Title: Re: How to use FTP over SSL/TLS
Post by: jrbilodeau on January 08, 2009, 06:35:38 AM
i don't really see what the point of using ftp in your internal network is anyway, since you could connect by unc or network drive mapping.
Title: Re: How to use FTP over SSL/TLS
Post by: hilaireg on January 08, 2009, 07:26:21 AM
Yup

The product box has an asterisk (*) beside FTP that does indicate that D-Link recommends using FTP over a VPN ... which seems kinda useless as if one is using VPN, one will most likely use UNC to get to access the files.

Cheers,
Title: Re: How to use FTP over SSL/TLS
Post by: Lucid on January 08, 2009, 09:55:14 AM
Yes... but for now, the easy solution are by the Router ! ... Port-Forward to the NAS only the SSL port ... All other disabled.

BUMP. Dlink is very good with it's support forum and addressing features etc. Though I don't understand why someone would use the FTP over lan. Anyway. No biggie. Anyway...back to the topic...use your router guys!

Lucid
Title: Re: How to use FTP over SSL/TLS
Post by: Tipstaff on January 08, 2009, 03:53:49 PM
Why use FTP on a Lan? Simple: flow control. For instance, I have a client that has 2 DNS-323s setup in their company: 1 for archiving, and 1 for active data (current data). Neither box is directly accessed by their users as they have a server for this purpose. Their server does a synchronized backup of data to the "current" DNS twice a day for both user and database files (btw, this is their setup, and not the way I would do things, so please, no comments on this).

So, lets say you do a direct copy to that DNS over the Lan. What happens? It will do so at the full bandwidth of the connection, and in this case tying up the entire bandwidth to the server. At night they don't care, but during the day? Hell no. This is where FTP comes in. By using FTP we can set the flow control to something more manageable. Something that won't interfere with users access to the server.

Edit: also, while this is something STILL not implemented in the DNS-323 (and something we've been bugging D-Link for ever since the box came out, btw), logging is another reason for using FTP. You don't get that with straight file copying.
Title: Re: How to use FTP over SSL/TLS
Post by: Lucid on January 08, 2009, 07:08:36 PM
Very good answer! Makes perfect sense. Thanks for your reply.
Title: Re: How to use FTP over SSL/TLS
Post by: MisterGoupil on January 11, 2009, 03:14:51 PM
Yes... but for now, the easy solution are by the Router ! ... Port-Forward to the NAS only the SSL port ... All other disabled.

Hi,

Because i'm a newbie !  Can you explain step by step, how to configure the router (mine is Linksys WRT54GS v1.1) to forward only SSL port ...

Thank you in advance.

Laurent
Title: Re: How to use FTP over SSL/TLS
Post by: D-Link Multimedia on January 12, 2009, 04:43:48 PM
.

Edit: also, while this is something STILL not implemented in the DNS-323 (and something we've been bugging D-Link for ever since the box came out, btw), logging is another reason for using FTP. You don't get that with straight file copying.

FTP and Device logging has been added in 1.03(when it releases) DNS-343 firmware. There are plans to add this same option to the next DNS-323 firmware :).
Title: Re: How to use FTP over SSL/TLS
Post by: Lucid on January 12, 2009, 05:10:23 PM
Hi,

Because i'm a newbie !  Can you explain step by step, how to configure the router (mine is Linksys WRT54GS v1.1) to forward only SSL port ...

Thank you in advance.

Laurent

I've used the WRT54GL Firmware Version:4.30.5

I believe you should have no problems following these instructions though

Step 1
1) Login to your routers admin page
2) Click on the Applications and Gaming Tab
3) You are now in teh port forwarding page
4) Under Application Enter NAS SSL (or whatever you want)
5) In both the START and END PORT fields enter 443
6) Leave Protocl at TCP
7) Enter the IP address of your NAS
8) Click on the box to ENABLE the rule
9) Click SAVE SETTINGS

STEP 2
1) Click on SECURITY tab
2) Enable Filter Internet NAT Redirection  (this will use the port forwarding rules to prevent Wan aaccess to LAN servers)
3) Click SAVE SETTINGS.

Hope that helps you.

Cheers!

Lucid
Title: Re: How to use FTP over SSL/TLS
Post by: mcduarte2000 on January 16, 2009, 01:14:20 AM
Step 1
1) Login to your routers admin page
2) Click on the Applications and Gaming Tab
3) You are now in teh port forwarding page
4) Under Application Enter NAS SSL (or whatever you want)
5) In both the START and END PORT fields enter 443
6) Leave Protocl at TCP
7) Enter the IP address of your NAS
8) Click on the box to ENABLE the rule
9) Click SAVE SETTINGS

Did anybody else had success using FTP over SSL from outside the network (ex: using a DynDNS domain)? Which application are you using for the FTPES?
Title: Re: How to use FTP over SSL/TLS
Post by: jrbilodeau on January 18, 2009, 06:59:37 PM
not me, there must be another port to forward or something. Dlink should release some instructions. it only works internal. as a test you could always put the DNS323 in a DMZ, but ONLY as a test i wouldn't recommend it past that because of security risks
Title: Re: How to use FTP over SSL/TLS
Post by: mcduarte2000 on January 31, 2009, 02:17:33 AM
Ping!!!

Any news regarding this? Does anybody at D-Link want to help us configuring FTPS using a DLINK router (on my case DIR-655), for external communications? Until now it seems nobody can use this nice feature, so, D-Link help would really be nice! ;)

Regards,

Miguel Duarte
Title: Re: How to use FTP over SSL/TLS
Post by: Dirk on March 08, 2009, 02:07:41 PM
Yes... but for now, the easy solution are by the Router ! ... Port-Forward to the NAS only the SSL port ... All other disabled.

This does not work. The DNS 323 uses one port (default 21) for both vanilla ftp and ftps. There is no special SSL port.
Dirk
Title: Re: How to use FTP over SSL/TLS
Post by: lucanaut on March 09, 2009, 11:40:01 AM
I have been using plain FTP with no issues on the older firmware version.  Now that I have the new firmware, I tried accessing the DNS using Filezilla with the option of FTP over over explicit TLS/SSL, but no luck.  It appears to connect, but is unable to bring up the folder list.  Am I missing something?  If I revert to plain FTP it works fine, but I kind of would like the extra security.

Thanks!
Title: Re: How to use FTP over SSL/TLS
Post by: bripab007 on March 09, 2009, 11:46:42 AM
Yeah, I haven't figured it out yet either.  I think I'm going to disable the stock FTP server anyway and install ProFTPD or VSFTPD.

That way I'll kill two birds with one stone by fixing the even more annoying stock FTP server issue:  not being able to assign user permissions to multiple folders!
Title: Re: How to use FTP over SSL/TLS
Post by: Zardoz66 on March 09, 2009, 01:25:10 PM

I would also like to config the NAS to only accept SSL connections only.
Title: Re: How to use FTP over SSL/TLS
Post by: jrak on March 15, 2009, 04:37:55 PM
I'm also interested in using FTP over SSL/TLS.  My DNS-323 is connected to a DIR-655 Router.  I have no problem transferring files using unencrypted FTP via Port 21.  But I have no success using the Filezilla client with the server type set to FTPES - FTP over explicit SSL/TLS.  I'm able to connect to the server, but then get the following messages:

Response:   230 OK. Current restricted directory is /
Command:   SYST
Response:   215 UNIX Type: L8
Command:   FEAT
Response:   211-Extensions supported:
Response:    EPRT
Response:    IDLE
Response:    MDTM
Response:    SIZE
Response:    REST STREAM
Response:    MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:    MLSD
Response:    ESTP
Response:    PASV
Response:    EPSV
Response:    SPSV
Response:    ESTA
Response:    AUTH TLS
Response:    PBSZ
Response:    PROT
Response:   211 End.
Command:   PBSZ 0
Response:   200 PBSZ=0
Command:   PROT P
Response:   534 Fallback to [C]
Status:   Connected
Status:   Retrieving directory listing...
Command:   PWD
Response:   257 "/" is your current location
Command:   TYPE I
Response:   200 TYPE is now 8-bit binary
Command:   PASV
Response:   227 Entering Passive Mode (192,168,0,191,186,142)
Status:   Server sent passive reply with unroutable address. Using server address instead.
Command:   LIST
Error:   Connection timed out
Error:   Failed to retrieve directory listing

I've read that FTP over SSL/TLS typically uses port 990.  However, the DNS-323 can't be configured to use this port.  So, for the moment, that's as far as I can go.  Does anyone have any suggestions for other things to try?   Or is their another way of encrypting FTP communications that does not require any special expertise.
Title: Re: How to use FTP over SSL/TLS
Post by: lucanaut on March 17, 2009, 08:07:39 AM
That is pretty much verbatim my situation (using FileZilla, so same exact log).  I just got off the phone with D-Link support, and he admitted he had no idea how to help me, and in fact he was looking at this very same forum...uuuuhhhhh...is  there anyone who's qualified who can help us?  Obviously the group of people with this issue is growing.
Title: Re: How to use FTP over SSL/TLS
Post by: bigclaw on March 17, 2009, 08:51:14 AM
Have you tried using active mode instead of passive?
Title: Re: How to use FTP over SSL/TLS
Post by: jrak on March 17, 2009, 09:30:20 AM
I've tried all the options available on Filezilla, but with no success.
Title: Re: How to use FTP over SSL/TLS
Post by: D-Link Multimedia on March 17, 2009, 11:46:59 AM
Best I can do is tell you how to do it on FireFTP. I don't have enough experience on FileZilla to guide you. Perhaps something from this guide can help you with FileZilla Setup.


From the Tools menu, click FireFTP to start the FireFTP FTP client.

(http://img25.imageshack.us/img25/8757/step1x.png)

Create a new connection.

(http://img21.imageshack.us/img21/9683/step2n.png)

Set the IP address and user account on the Main tab of the Account Manager window to login to the DNS-323 FTP server. Click OK.

(http://img18.imageshack.us/img18/3707/step3f.png)

Go to the Connection tab of the Account Manager window and set the security function to “Auth TLS (Best)” mode. Press OK to finish the setting.

(http://img16.imageshack.us/img16/66/step4l.png)

You will now see a series of pop-up warning messages that look similar to these depicted on the right. Click the Or you can add an exception… button.

(http://img4.imageshack.us/img4/6584/step5.png)

Click the Add exception… button

(http://img27.imageshack.us/img27/6871/step6v.png)

Click the Get Certificate button.

(http://img25.imageshack.us/img25/5901/step7.png)

Click the Confirm Security Exception button.

(http://img23.imageshack.us/img23/9554/step8o.png)

Press the Connect button to connect to the DNS-323 FTP server.

(http://img300.imageshack.us/img300/4305/step9.png)

This window indicates you have made a successful connection.

(http://img300.imageshack.us/img300/8546/step10.png)
Title: Re: How to use FTP over SSL/TLS
Post by: jrak on March 17, 2009, 09:05:01 PM
Thanks for the guidance on using FireFTP.  I followed the instructions and was able to log on to my server.  However, I was not able to access my files.  Whenever I tried to open a directory -- whether it was large or small -- the program would indicate that it was "running" and then a minute or so later it generated a 421 time out error.  When I disabled the TLS security, I was able to access the files immediately.
Title: Re: How to use FTP over SSL/TLS
Post by: lucanaut on March 18, 2009, 11:15:24 AM
Same here...which is essentially similar to what happened with FileZilla or another client I tried - log in seems successful, but access to directories is not working.  At least it's consitently NOT working.  I'm starting to wonder if SSl/TLS support was not sufficiently tested to make sure it actually works, and whether there's a problem with the new firmware...
Title: Re: How to use FTP over SSL/TLS
Post by: clubincdj on March 18, 2009, 11:51:46 AM
Has anyone considered the HUGE security hole that the FTP server has NO anti-hack feature for incorrect login attempts?? That has bad written all over it. I have another FTP server at home that people try to get in all the time, but it has anti-hack built into it's firmware. It did cost 5 times more that my D-Link though...
Title: Re: How to use FTP over SSL/TLS
Post by: bripab007 on March 18, 2009, 01:46:02 PM
What exactly does this "anti-hack" feature do?
Title: Re: How to use FTP over SSL/TLS
Post by: jrak on March 18, 2009, 04:43:40 PM
As I see it, there are 2 security issues here.  One is the risk associated with transmitting unencrypted passwords and the other is the risk associated with a hacker using a brute force dictionary attack.  While the former would be addressed by transmitting FTP over SSL/TLS, the latter would not.  I'm not sure how vulnerable the DNS 323 is to a brute force attack and, as a consequence, I don't have the FTP server turned on or leave a port open on my router.  Does anyone have sense of what the risks might be given the lack of anti-hacking measures on the device?
Title: Re: How to use FTP over SSL/TLS
Post by: ttmcmurry on March 19, 2009, 05:22:48 PM
There aren't any measures such as:

Auto-Ban IP after x failed attempts / ban retry interval
Allowed IP address(es)
Deny IP address(es)
Allow if specific user certificate is present

The 323 is a SOHO device, not a full fledged FTP server.

One side of me says "if you're going to make a FTP server that does TLS/SSL, then do it right and give us the above features (and ability to specify pasv port range)."

The other side of me says "who gives a flip about SSL/TLS at home?  It will slow down the transfer due to encryption."

I'd hope said security features would be available to us; and perhaps if implemented you could have a "Simple" "Advanced" & "Off" radio button in the 323's web GUI for FTP setup (that defaults to simple).  That way it's always in simple/dumb mode unless a user who knows what they're doing sets it to advanced mode with the goodies.  That would keeps down on user frustration because they don't get it by keeping the interface intentionally simplified.
Title: Re: How to use FTP over SSL/TLS
Post by: fordem on March 19, 2009, 07:02:59 PM
There aren't any measures such as:

Auto-Ban IP after x failed attempts / ban retry interval
Allowed IP address(es)
Deny IP address(es)
Allow if specific user certificate is present

The 323 is a SOHO device, not a full fledged FTP server.
<SNIP>

Maybe it's just the network engineer in me - but items #2 & #3 in your list would be best handled in the router/firewall - at least, that's where I've been doing it for much of the last decade.
Title: Re: How to use FTP over SSL/TLS
Post by: ttmcmurry on March 19, 2009, 07:48:38 PM
Maybe it's just the network engineer in me

Hehe, the struggle between network and admin guys ensues.  :)

Yeah, while the router is an acceptable place to do that, it may be desirable to ban or allow an ip address to/from specific services.  The router approach enables or disables all access regardless of what service it's connecting to. 

We both know in an enterprise environment we get that kind of granularity on the router/firewall, but for SOHO not all routers have access lists to control specific data connections -- the D-Link 6xx & 8xx series do, but not every vendor does.  It's for that reason I suggest the IP filtering on the FTP server; it's what I'd consider a "standard" modern FTP feature.
Title: Re: How to use FTP over SSL/TLS
Post by: lucanaut on March 23, 2009, 02:39:13 PM
That's all great, but right now the 323 doesn't even seem to offer the feature it advertises in the latest firmware (FTP over SSL/TLS).  I sent an email to D-Link support and they sent me the usual "how to set up an FTP server" set of directions.  i.e. useless.
Title: Re: How to use FTP over SSL/TLS
Post by: hvl on March 23, 2009, 04:37:25 PM
By default port 443 is for the https, if you enable forward that port in your router, it will by default go to the web page to configure your NAS. So I wouldn't recommend forwarding that port as suggested by someone in this thread.

What do you need to do to enable Explicit TLS
Forward port 21 in your router, that's obvious.
What is not obvious is that you need to forward also data port. The problem it is a range, and it looks to be a big range. I haven't figureout the range yet, it would be nice if in the next release of the firmware this could be configure.

I don't know if Implicit SSL/TLS work, I don't have access to the router now, but the default are Port 990/TCP for the FTPS control channel and 989/TCP for the FTPS data channel.

Hope this help to figure out what happening.
Title: Re: How to use FTP over SSL/TLS
Post by: bribri007 on October 03, 2009, 08:00:51 AM
I'm quite late to the party but I just spent the last two hours reading about this and was successfully able to replicate the problem. 

So now that it has been a few months has everyone given up on this?  Are we just waiting for 1.08 to come out?  Has anyone managed a fix yet?  I think it's very sad that I just spent several hours upgrading the firmware exclusively for TLS support to find out that it doesn't even work. 

If anyone is monitoring this thread still and has found a solution that doesn't require mod'ing the firmware with funplug please write about it. 

thanks
Title: Re: How to use FTP over SSL/TLS
Post by: jrak on January 16, 2010, 10:00:22 PM
Last year, I've tried repeatedly to use FTP over SSL/TLS without success.  This evening, I updated FileZilla and tried again with the results listed below.  Have I met with success?


Resolving address of XXXXX.dlinkddns.com
Status:   Connecting to XXX.XXX.XX.195:21...
Status:   Connection established, waiting for welcome message...
Response:   220---------- Welcome to Pure-FTPd [TLS] ----------
Response:   220-You are user number 1 of 10 allowed.
Response:   220-Local time is now 00:52. Server port: 21.
Response:   220 You will be disconnected after 2 minutes of inactivity.
Command:   USER AAAA
Response:   331 User AAAA is OK. Password required
Command:   PASS **************
Response:   230 OK. Current restricted directory is /
Command:   SYST
Response:   215 UNIX Type: L8
Command:   FEAT
Response:   211-Extensions supported:
Response:    EPRT
Response:    IDLE
Response:    MDTM
Response:    SIZE
Response:    REST STREAM
Response:    MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:    MLSD
Response:    ESTP
Response:    PASV
Response:    EPSV
Response:    SPSV
Response:    ESTA
Response:    AUTH TLS
Response:    PBSZ
Response:    PROT
Response:   211 End.
Status:   Connected
Status:   Retrieving directory listing...
Command:   PWD
Response:   257 "/" is your current location
Command:   TYPE I
Response:   200 TYPE is now 8-bit binary
Command:   PASV
Response:   227 Entering Passive Mode (207,237,65,195,118,137)
Command:   MLSD
Response:   150 Accepted data connection
Response:   226-ASCII
Response:   226-Options: -l
Response:   226 1 matches total
Status:   Directory listing successful


Title: Re: How to use FTP over SSL/TLS
Post by: gunrunnerjohn on January 17, 2010, 07:45:04 AM
Transfer a file, then you'll know.  I could not get FTP over SSL/TLS working remotely, it works fine on my local network.  I finally gave up, don't know what the issue was.  I was getting connected remotely, but I couldn't get a directory listing, and of course that's where I was dead.
Title: Re: How to use FTP over SSL/TLS
Post by: jrak on January 17, 2010, 11:06:52 AM
I was able to transfer a file within my network.  When I connected to a router outside my network (using a wireless card on a laptop), I was able to download a file as well.  I've made no changes to my router's setup (DLink 655) or the DNS-323.  The only change has been the update to Filezilla.
Title: Re: How to use FTP over SSL/TLS
Post by: gunrunnerjohn on January 17, 2010, 11:38:48 AM
It might be my Actiontec MI424WR that is causing me the issue, I can't say.  In any case, I never did get external secure FTP working. :)
Title: Re: How to use FTP over SSL/TLS
Post by: consumeraficionado on March 18, 2011, 04:10:39 PM
By default port 443 is for the https, if you enable forward that port in your router, it will by default go to the web page to configure your NAS. So I wouldn't recommend forwarding that port as suggested by someone in this thread.

What do you need to do to enable Explicit TLS
Forward port 21 in your router, that's obvious.
What is not obvious is that you need to forward also data port. The problem it is a range, and it looks to be a big range. I haven't figureout the range yet, it would be nice if in the next release of the firmware this could be configure.

I don't know if Implicit SSL/TLS work, I don't have access to the router now, but the default are Port 990/TCP for the FTPS control channel and 989/TCP for the FTPS data channel.

Hope this help to figure out what happening.
I am also coming late to this party, but I have tried the Explicit setting  on FileZilla and am met with Directory listing unsuccessful (firmware 1.08).  Is there anything special that I need to do to get this working?

I was unable to get connectivity using Implicit setting, do I need top forward port 989/990?