I'm trying to configure FTP over SSL on my server. I added an FTP site in IIS and followed the wizard, setting the bindings and certificate. However, when I try to connect to the server using FileZilla, the connection gets refused by the server. I also noticed that no welcome message appears. I also noticed that the server sends a reply with an unroutable address. I don't really know how to proceed from here as the setup seems OK to me.

Log:

Status: Resolving address of jensgm.com
Status: Connecting to 213.153.1.168:990...
Status: Connection established, initializing TLS...
Status: Verifying certificate...
Status: TLS connection established, waiting for welcome message...
Status: Connected
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server address instead.
Command:    LIST
Response:   150 Opening BINARY mode data connection.
Error:  The data connection could not be established: ECONNREFUSED - Connection refused by server
Error:  Connection timed out after 20 seconds of inactivity
Error:  Failed to retrieve directory listing

Log file says:

'long time stamp' JENSGM\jensgm 192.168.1.2 21 LIST - 550 1236 15 1cf4a073-6f69-481f-8083-4ec4debfc810 /

'long time stamp' JENSGM\jensgm 192.168.1.2 21 ControlChannelClosed - - 1236 0 1cf4a073-6f69-481f-8083-4ec4debfc810 -
Jens

1 Answer

It seems you are using Passive mode.

Passive mode uses TCP ports from 1024 to 65534 for Data channel.

Make sure no Firewall is blocking this port range.

Else, switch to active mode to only use TCP/20 for Data channel.

EDIT :

Also, FTPS can operate in two distinct modes: implicit or explicit.

  • Explicit will use standard ports (for Active mode): TCP/21 & TCP/20
  • Implicit will use TCP/990 for command and TCP/989 for Data channel

http://en.wikipedia.org/wiki/FTPS

krisFR
  • It seems (according to this: http://serverfault.com/questions/224553/enable-active-ftp-on-window-server-2008-iis) that IIS has both passive and active available. So I tried setting FileZilla to use Active mode, but this gave the same result. – Jens Apr 19 '15 at 14:49
  • So then, did you check for a potential Firewall issue ? – krisFR Apr 19 '15 at 14:52
  • I didn't do anything for passive mode, but ports 20, 21 and 990 are good. – Jens Apr 19 '15 at 14:53
  • hmmm...have a closer look against any Firewall issue, and post relevant clues that prove it could not be an issue. In other words what have you tried to eliminate a Firewall issue ? – krisFR Apr 19 '15 at 16:34
  • Please post this as an edit of your question with appropriate code tags. It is unreadable as it is... – krisFR Apr 19 '15 at 16:49
  • Might look like the connection is trying to use passive even though I told it not to. Hmm... – Jens Apr 19 '15 at 16:56
  • Are you doing implicit or explicit FTPS ? Implicit uses TCP/989 for data channel – krisFR Apr 19 '15 at 17:01
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/22988/discussion-between-jens-and-krisfr). – Jens Apr 19 '15 at 17:02
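
The "passive reply with unroutable address" line in the FileZilla log and the passive port range discussed in the answer can be checked together. This is an added example, not code from the question or the answer: it parses a 227 passive reply and reports where the client will actually try to open the data connection. The sample reply, its port bytes and the forwarded-port set are constructed assumptions; only the two IP addresses come from the logs above.

```python
import ipaddress
import re

# Matches the h1,h2,h3,h4,p1,p2 tuple of an RFC 959 "227" passive reply.
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # data port = p1 * 256 + p2


def diagnose(reply, control_ip, open_ports):
    """Report the data-connection target and why it may be refused.

    open_ports: data ports the firewall/NAT forwards (an assumption here).
    """
    ip, port = parse_pasv(reply)
    findings = []
    target = ip
    if not ip.is_global:
        # The client falls back to the control-connection address,
        # which is what FileZilla logged in the question.
        findings.append("unroutable address %s advertised" % ip)
        target = ipaddress.IPv4Address(control_ip)
    elif str(ip) != control_ip:
        findings.append("advertised address %s differs from control address" % ip)
    if port not in open_ports:
        findings.append("data port %d is outside the forwarded range" % port)
    return {"connect_to": (str(target), port), "findings": findings}


# Constructed sample: 192.168.1.2 is the address in the IIS log above;
# the port bytes 195,80 (= 50000) are made up for the example.
SAMPLE = "227 Entering Passive Mode (192,168,1,2,195,80)."

if __name__ == "__main__":
    # Assumed firewall rule: only 989 and 990 forwarded, no passive range.
    print(diagnose(SAMPLE, "213.153.1.168", open_ports={989, 990}))
```

Both findings point at the server side: IIS exposes the data channel port range and the external IP address under the site's FTP Firewall Support settings, and the same port range has to be forwarded on the firewall.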