Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Buhric]

Not quite sure... should be the same thing...
but, hey, i've seen stranger things with this firmware....

I personaly never used / setup a Secured FTP server... just standard FTP

But I just did some testing... enabling FTP and puting the checkmark in SSL/TLS
And I tried connecting with CuteFTP localy and it worked fine when using my 192.168.xxx.xxx address
So I tried again from inside my network, but using my external IP, and it worked fine again....
At some point it even substitued my PASV address from my internal 192.168.xxx.xxx to my external IP
So on to the next point... tried accessing my FTP from an external site using my DNS name (DynDNS.org)
and it also worked fine.

The only difference I saw is that my FTP Client never used the MLSD command
just the LIST command.

Im using CuteFTP 8.0 Pro.... not sure how to make it used MLSD instead of LIST....

[jolley]

Not sure whether it's related or not but my secure FTP would not work until I checked the SSL/TLS box.
It continued to work after unchecking the box again.

[gunrunnerjohn]

If you don't check the SSL/TLS on the DNS-323, you aren't using secure FTP.

[jolley]

Sorry to disagree, but I think I am. The checkbox says allow SSL/TLS ONLY, which I assume means do not allow unsecure FTP. With the box unticked I can connect both secure and unsecure using FileZilla remotely and locally.

First I connect unsecure using servertype: FTP Transfer Protocol

Status:   Connection established, waiting for welcome message...
Response:   220---------- Welcome to Pure-FTPd [TLS] ----------
Response:   220-You are user number 1 of 10 allowed.
Response:   220-Local time is now 20:43. Server port: 21.
Response:   220-This server supports FXP transfers
Response:   220 You will be disconnected after 10 minutes of inactivity.
Command:   USER ******
Response:   331 User ****** OK. Password required
Command:   PASS ******

Then I connect secure using servertype: FTPES - FTP over explicit TLS/SSL

Status:   Connection established, waiting for welcome message...
Response:   220---------- Welcome to Pure-FTPd [TLS] ----------
Response:   220-You are user number 1 of 10 allowed.
Response:   220-Local time is now 20:44. Server port: 21.
Response:   220-This server supports FXP transfers
Response:   220 You will be disconnected after 10 minutes of inactivity.
Command:   AUTH TLS
Response:   234 AUTH TLS OK.
Status:   Initializing TLS...
Status:   Verifying certificate...
Command:   USER ******
Status:   TLS/SSL connection established.
Response:   331 User ****** OK. Password required
Command:   PASS ******

When I connect securely I get a message box with the RSA 2048 bit certificate. Like I get with other SFTP sites.

[gunrunnerjohn]

Well, the whole point of the exercise was to require secure connections, at least for me.  

[DocD]

I get as far as trying to get a directory listing, and then it fails.  I've forwarded ports 21, 22, 990, and the default passive range of 55536-55663.

I'll take one more stab at this  ...
I may have alluded to it some time back, but not sure if I asked the question - did you ever forward port 989 on your router?  For secure FTP, IIRC, 990 is control and 989 is data.  Worth a shot...

-DocD

[gunrunnerjohn]

I put the DNS-323 in the DMZ of the router, it still didn't work.

[DocD]

I remember you trying that.  Still, my client had a 2Wire router that I was trying to do Remote Assistance session with.  Even though the client put their computer in the DMZ, the ports were not open and I could not connect.  We got it to work on occasion by rebooting the router after every change - but it was not consistent.  We ended up replacing the bugger with an older D-Link Wireless-G router - one not supplied by the telco.  Not a single problem since - I can connect upon invitation and the client is happy.

Not sure if opening the port would work - but based on my 2Wire & ATT DSL experience, unless I have access to the vendor screens, I'm not sure what blocking is going on.  My experience has been that the DMZ is open for common ports - but is it open for everything?  It supposed to be - but depending on the vendor (2Wire is a prime example) - I'm not so sure anymore... 

Of course, your mileage may vary...  I'll put away my soapbox now...

-DocD

[gunrunnerjohn]

The problem with replacing my router is that I have FiOS TV, and the router provides the Guide and On Demand features, so a replacement isn't in the cards.