I use Filezilla as the FTP client.
I want to connect to my ftp in a secure way, so lunarpages support wrote me to use the FTP over TLS(explicit) option.
It worked when the computer is connected to the internet with no router (in active mode).

BUT when the computer is connected using a router there is a problem.
When i use passive mode then it connect end EVEN show me the folders in the root directory.
But, when i try to open these folder by clicking them, i get this:

//Here the ftp client starts the connection:


//Here i see all the folders in the ROOT, so here i press the WWW folder:

Error:   Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error:   Could not retrieve directory listing

-----
So as you see it stucks on the LIST command and does not go in WWW.

IF i set the mode to ACTIVE this is what i get:



So here as you see by the error there is a NAT problem.
Maybe i should forward some ports but which (i think tls pick random port ...)


Please help.
Thanks.

Why not just use your ftp software in a normal manner? It will still ask for password. Granted, it's not the most secure method, but it's probably about as secure as e-mail, not that e-mail is highly secure

Maybe someone here will have more info.

Wayne Sallee
Webmaster@LeesburgNazarene.org

Well, I decided to give it a try and see if I could get in. I downloaded the software and am seeing what I can do.

Wayne Sallee
Webmaster@LeesburgNazarene.org

Well, I tryed to see if I could get it, but I keep getting the error

It does this when it gives the command "list".

Well I tried to see if I could figure it out for you.

Wayne Sallee
Webmaster@LeesburgNazarene.org

We allow FTP +Explicit TLS on our Basic and Business plans, however to get it working correctly you need to do some port forwarding at the router level. Last time I tried it out I just had to DMZ one of my machines to get it working correctly cause it wanted to use random ports.

I've been looking intothis and as soon as i get the scoop i will post it here. probably tomorrow.

stand by. Answers to follow. 

Give this a try:

Just to provide some clarification and correct any misinformation, what our servers support is FTP w/ Explicit TLS Encryption. They don't support SFTP or FTP w/ Implicit SSL/TLS Encryption.

It sounds like you have managed to get TLS encryption setup properly for your FTP session, however you are simply unable to list the directory contents. This issue is caused by the fact that you are behind a router which utilizes NAT (Network Address Translation) and you are using non-passive ftp. Please enable passive mode in your FTP client and everything should work properly for you. An overview of the options you should have selected are below:

Server: domain.com
Port: 21
Type: FTP w/ Explicit TLS Encryption
Mode: Passive
Username: username
Password: password

I have tested the following options in FileZilla and they work properly, I also had someone on a Mac test with YummyFTP and it also worked.
However please note that in YummyFTP the FTP Type is not listed as "FTP w/ Explicit TLS Encryption", instead it is labeled "Secure FTPS SSL/TLS".

If you have tried connecting via standard FTP without encryption and without passive mode enabled, and you're wondering why it worked fine in that instance but doesn't work when encryption is enabled, here's the short answer: Since you're behind a router, when in non-passive mode your FTP client will try to command the server to connect to it's LAN IP. This obviously won't work, however your router will recognize what the FTP client is attempting and will actually replace the LAN IP with the proper IP address and configure data forwarding so that the FTP connection works for you. When in an encrypted session, however, the router cannot read the FTP commands as they are not in plain text.
Therefore it cannot replace the LAN IP nor setup data forwarding and non-passive mode suddenly does not work. This is why passive mode is required, instead of the FTP client instructing the server to connect on port X of the LAN IP, it requests that the server inform it what IP address and port it can connect to. This allows the FTP client to make an outbound connection rather than trying to initiate an inbound one, which avoids all the nasty NAT issues.

Today, passive mode is actually preferred to non-passive mode as it avoids many issues that can be caused by the presence of routers and in a few other situations. Also if you were unsure, FTP w/ Explicit TLS is very secure, no login credentials or file data is sent unencrypted.Just to provide some clarification and correct any misinformation, what our servers support is FTP w/ Explicit TLS Encryption. They don't support SFTP or FTP w/ Implicit SSL/TLS Encryption.

If this doesn't work let me know.

Yep it works.

Be sure to set both settings to passive.
the advance one, and the settings one under firewall.

Wayne Sallee
Webmaster@LeesburgNazarene.org