Setting up Filezilla server for secure FTP - FTPS
Setting up the server, especially if it is behind a firewall and using NAT can be a bit of a headach at times. The key things to note are:
- If you are working in Passive mode, you will need to open up not just port 990 for the secure stuff but also ports 5000-5100.
- In the SSL/TLS settings you will need to generate or add a certificate - just follow the wizard - and decide if you are going to enfore FTPS by using the Disallow plain...' check box.
- On the client side, just enfoce encryption and go to FTPS://ftp.site.com.
- When the user logs on they'll get shown the certifcate for the site - check it looks good - and away they go!
Status: Resolving address of ftp.xxxxxxx.net
Status: Connecting to xxxxxxxxxxxxx...
Status: Connection established, initializing TLS...
Status: Verifying certificate...
Status: TLS/SSL connection established, waiting for welcome message...
Response: 220-Welcome to the xxxxxxxxx plc Secure FTP server
Response: 220----------------------------------------------------------------------------
Response: 220-Note that this site will soon no longer support plain text FTP and
Response: 220-to connect one MUST use Secure FTP - FTPS.
Response: 220-
Response: 220-The Open Source [Free] FTP client FileZilla is one of many
Response: 220-FTP clients which support secure FTP.
Response: 220-
Response: 220-Web browsers do NOT support FTPS with extra plugins.
Response: 220----------------------------------------------------------------------------
Response: 220-Anonymous users have read only access
Response: 220 For more information contact administrator (at) xxxxxxx.co.uk
Command: USER DavidM
Response: 331 Password required for davidm
Command: PASS *************
Response: 230 Logged on
Command: SYST
Response: 215 UNIX emulated by FileZilla
Command: FEAT
Response: 211-Features:
Response: MDTM
Response: REST STREAM
Response: SIZE
Response: MODE Z
Response: MLST type*;size*;modify*;
Response: MLSD
Response: AUTH SSL
Response: AUTH TLS
Response: PROT
Response: PBSZ
Response: UTF8
Response: CLNT
Response: MFMT
Response: 211 End
Command: PBSZ 0
Response: 200 PBSZ=0
Command: PROT P
Response: 200 Protection level set to P
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (xxxxxxxx19,152)
Command: MLSD
Response: 150 Connection accepted
Response: 226 Transfer OK
Status: Directory listing successful
But none of this will work unless you also remember to open up the same ports on the firewall.