Setting up Filezilla server for secure FTP - FTPS

Setting up the server, especially if it is behind a firewall and using NAT, can be a bit of a headache at times. The key things to note are:

  1. If you are working in Passive mode, you will need to open up not just port 990 for the secure stuff but also ports 5000-5100.
  1. In the SSL/TLS settings you will need to generate or add a certificate - just follow the wizard - and decide if you are going to enforce FTPS by using the 'Disallow plain...' check box.

  1. On the client side, just enforce encryption and go to FTPS://ftp.site.com.

  1. When the user logs on they'll get shown the certificate for the site - check it looks good - and away they go!

 

Status:      Resolving address of ftp.xxxxxxx.net
Status:      Connecting to xxxxxxxxxxxxx...
Status:      Connection established, initializing TLS...
Status:      Verifying certificate...
Status:      TLS/SSL connection established, waiting for welcome message...
Response:               220-Welcome to the xxxxxxxxx plc Secure FTP server
Response:               220----------------------------------------------------------------------------
Response:               220-Note that this site will soon no longer support plain text FTP and
Response:               220-to connect one MUST use Secure FTP - FTPS.
Response:               220-
Response:               220-The Open Source [Free] FTP client FileZilla is one of many
Response:               220-FTP clients which support secure FTP.
Response:               220-
Response:               220-Web browsers do NOT support FTPS with extra plugins.
Response:               220----------------------------------------------------------------------------
Response:               220-Anonymous users have read only access
Response:               220 For more information contact administrator (at) xxxxxxx.co.uk
Command:               USER DavidM
Response:               331 Password required for davidm
Command:               PASS *************
Response:               230 Logged on
Command:               SYST
Response:               215 UNIX emulated by FileZilla
Command:               FEAT
Response:               211-Features:
Response:               MDTM
Response:               REST STREAM
Response:               SIZE
Response:               MODE Z
Response:               MLST type*;size*;modify*;
Response:               MLSD
Response:               AUTH SSL
Response:               AUTH TLS
Response:               PROT
Response:               PBSZ
Response:               UTF8
Response:               CLNT
Response:               MFMT
Response:               211 End
Command:               PBSZ 0
Response:               200 PBSZ=0
Command:               PROT P
Response:               200 Protection level set to P
Status:      Connected
Status:      Retrieving directory listing...
Command:               PWD
Response:               257 "/" is current directory.
Command:               TYPE I
Response:               200 Type set to I
Command:               PASV
Response:               227 Entering Passive Mode (xxxxxxxx19,152)
Command:               MLSD
Response:               150 Connection accepted
Response:               226 Transfer OK
Status:      Directory listing successful

But none of this will work unless you also remember to open up the same ports on the firewall.