Solved

Secure FTP on ReadyNAS Pro using FileZilla

Posted on 2011-02-22
5
2,898 Views
Last Modified: 2012-06-21
The Netgear ReadyNAS Pro is set up to run FTP/S using ProFTP 1.3.3 Server and I'm using the latest FileZilla FTP client.  On the LAN, I can connect securely using FTPES (FTP over explicit TSL/SSL) using Port 21.

I opened a port on the SonicWALL to direct incoming WAN Port 21 traffic to the ReadyNAS.  On a laptop that's outside our SonicWALL, I can establish a secure FTPES connection but it can't list the files in the share.  Here's a dump of the FileZilla log:

Status:      Connecting to X.X.X.X:21...
Status:      Connection established, waiting for welcome message...
Response:      220 ProFTPD 1.3.3 Server (NETGEAR ReadyNAS) [192.168.0.50]
Command:      AUTH TLS
Response:      234 AUTH TLS successful
Status:      Initializing TLS...
Status:      Verifying certificate...
Command:      USER xxxxx
Status:      TLS/SSL connection established.
Response:      331 Password required for xxxxx
Command:      PASS **********
Response:      230 User xxxxx logged in
Command:      SYST
Response:      215 UNIX Type: L8
Command:      FEAT
Response:      211-Features:
Response:       MDTM
Response:       MFMT
Response:       TVFS
Response:       UTF8
Response:       AUTH TLS
Response:       MFF modify;UNIX.group;UNIX.mode;
Response:       MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
Response:       LANG en-US*
Response:       PBSZ
Response:       PROT
Response:       SITE MKDIR
Response:       SITE RMDIR
Response:       SITE UTIME
Response:       SITE SYMLINK
Response:       REST STREAM
Response:       SIZE
Response:      211 End
Command:      OPTS UTF8 ON
Response:      200 UTF8 set to on
Command:      PBSZ 0
Response:      200 PBSZ 0 successful
Command:      PROT P
Response:      200 Protection set to Private
Status:      Connected
Status:      Retrieving directory listing...
Command:      PWD
Response:      257 "/" is the current directory
Command:      TYPE I
Response:      200 Type set to I
Command:      PORT 192,168,9,100,192,110
Response:      500 Illegal PORT command
Command:      PASV
Response:      227 Entering Passive Mode (192,168,0,50,152,88).
Status:      Server sent passive reply with unroutable address. Using server address instead.
Command:      MLSD
Error:      GnuTLS error -53: Error in the push function.


Any ideas?
0
Comment
Question by:Wade_Chestnut
  • 3
  • 2
5 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 34958039
i can see the log is wanting to move to passive mode which access a non-standard port.  review the links below.  the first is simply setting up the sonicwall for ftp access.  i think you've already done that.  the second discusses passive ftp and how it relates to the sonicwall.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7508

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3718
0
 
LVL 33

Expert Comment

by:digitap
ID: 34958045
also, review the link below as it has some good discussion on passive ftp relating to the sonicwall.

http://rdsrc.us/PUrvL6
0
 

Author Comment

by:Wade_Chestnut
ID: 34961265
Thanks for the suggestions, digitap.  Unfortunately, we don't have the Enhanced OS so I can't use the suggested steps.  We already have plans on replacing the SonicWALL with a FortiWiFi router in the next month or so.

I did read more on active vs. passive FTP and even tried to set a short (43085-43090), custom passive port range on the ReadyNAS and open those ports on the SonicWALL, but now it won't connect at all -- even when I tried to change the settings back. : \
0
 

Author Comment

by:Wade_Chestnut
ID: 34961442
Nevermind!  The darn ReadyNAS's FTP server wasn't running.  It's working now!  Thanks for your guidance!!
0
 
LVL 33

Expert Comment

by:digitap
ID: 34962279
hehe...small details :)  thanks for the points!
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Outlook Anywhere is not working. 2 46
HHTP and HTTPS redirect question 3 112
exchange 2010 turning off 3des ciphers 2 201
Schannel Error in Event Viewer 3 52
By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question