Secure FTP on ReadyNAS Pro using FileZilla

Posted on 2011-02-22
Last Modified: 2012-06-21
The Netgear ReadyNAS Pro is set up to run FTP/S using ProFTP 1.3.3 Server and I'm using the latest FileZilla FTP client.  On the LAN, I can connect securely using FTPES (FTP over explicit TSL/SSL) using Port 21.

I opened a port on the SonicWALL to direct incoming WAN Port 21 traffic to the ReadyNAS.  On a laptop that's outside our SonicWALL, I can establish a secure FTPES connection but it can't list the files in the share.  Here's a dump of the FileZilla log:

Status:      Connecting to X.X.X.X:21...
Status:      Connection established, waiting for welcome message...
Response:      220 ProFTPD 1.3.3 Server (NETGEAR ReadyNAS) []
Command:      AUTH TLS
Response:      234 AUTH TLS successful
Status:      Initializing TLS...
Status:      Verifying certificate...
Command:      USER xxxxx
Status:      TLS/SSL connection established.
Response:      331 Password required for xxxxx
Command:      PASS **********
Response:      230 User xxxxx logged in
Command:      SYST
Response:      215 UNIX Type: L8
Command:      FEAT
Response:      211-Features:
Response:       MDTM
Response:       MFMT
Response:       TVFS
Response:       UTF8
Response:       AUTH TLS
Response:       MFF modify;;UNIX.mode;
Response:       MLST modify*;perm*;size*;type*;unique*;*;UNIX.mode*;UNIX.owner*;
Response:       LANG en-US*
Response:       PBSZ
Response:       PROT
Response:       SITE MKDIR
Response:       SITE RMDIR
Response:       SITE UTIME
Response:       SITE SYMLINK
Response:       REST STREAM
Response:       SIZE
Response:      211 End
Command:      OPTS UTF8 ON
Response:      200 UTF8 set to on
Command:      PBSZ 0
Response:      200 PBSZ 0 successful
Command:      PROT P
Response:      200 Protection set to Private
Status:      Connected
Status:      Retrieving directory listing...
Command:      PWD
Response:      257 "/" is the current directory
Command:      TYPE I
Response:      200 Type set to I
Command:      PORT 192,168,9,100,192,110
Response:      500 Illegal PORT command
Command:      PASV
Response:      227 Entering Passive Mode (192,168,0,50,152,88).
Status:      Server sent passive reply with unroutable address. Using server address instead.
Command:      MLSD
Error:      GnuTLS error -53: Error in the push function.

Any ideas?
Question by:Wade_Chestnut
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 33

Accepted Solution

digitap earned 500 total points
ID: 34958039
i can see the log is wanting to move to passive mode which access a non-standard port.  review the links below.  the first is simply setting up the sonicwall for ftp access.  i think you've already done that.  the second discusses passive ftp and how it relates to the sonicwall.
LVL 33

Expert Comment

ID: 34958045
also, review the link below as it has some good discussion on passive ftp relating to the sonicwall.

Author Comment

ID: 34961265
Thanks for the suggestions, digitap.  Unfortunately, we don't have the Enhanced OS so I can't use the suggested steps.  We already have plans on replacing the SonicWALL with a FortiWiFi router in the next month or so.

I did read more on active vs. passive FTP and even tried to set a short (43085-43090), custom passive port range on the ReadyNAS and open those ports on the SonicWALL, but now it won't connect at all -- even when I tried to change the settings back. : \

Author Comment

ID: 34961442
Nevermind!  The darn ReadyNAS's FTP server wasn't running.  It's working now!  Thanks for your guidance!!
LVL 33

Expert Comment

ID: 34962279
hehe...small details :)  thanks for the points!

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question