This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FTPS (FTP +TLS/SSl)-connection to internal FTP-Service

Hello,

I've already searched the community for posts, but didn't find anything suitable on the subject of "FTPS".
As far as I know, I have released all relevant ports, but the connection from the outside still fails.
The goal is to save the recordings from the external camera to the network share via the Internet via FTPS.


The environment:
Synology NAS with enabled FTPS-Service
- Port 21
- passive (55536:57583)
- NAS-Setting FTP

Camera reolink (RLC-410w)
- Port 21
- FTPS
- Cam-Setting_FTP


UTM OS [9.712-13]
- DNAT-Rule
Internet IPv4 → FTP (1:65535 → 21) → External (WAN)(Address)
Target: NAS
Auto firewall rule: on

- DNAT-Rule
Internet IPv4 → FTP-passiv (1:65535 → 55536:57583) → External (WAN) (Address)
Target: NAS
Auto firewall rule: on

A test connection from the camera says: 454 verification failed.
I don't see any abnormalities in the "Network Protection" log.

Do you have any idea?
I would appreciate any help.


best Regards



This thread was automatically locked due to age.
Parents
  • Hi Ulf,

    I'v posted it here even many times, but please:

    Stop using FTPS!

    It is a bad hack and a pain on a firewall. If you don't really understand what is going on with FTPS you will get stuck.

    Instead use SFTP which is a completely different protocol (use only TCP/22).

    If you don't mind, analyse the packetfilter.log, there you will see what is getting blocked.

    bye Josef

    BERGMANN engineering & consulting GmbH, Wien/Austria

Reply
  • Hi Ulf,

    I'v posted it here even many times, but please:

    Stop using FTPS!

    It is a bad hack and a pain on a firewall. If you don't really understand what is going on with FTPS you will get stuck.

    Instead use SFTP which is a completely different protocol (use only TCP/22).

    If you don't mind, analyse the packetfilter.log, there you will see what is getting blocked.

    bye Josef

    BERGMANN engineering & consulting GmbH, Wien/Austria

Children
  • Hello, Josef,

    That doesn't help me and I know it's not optimal.
    But you have certainly read the whole article and looked at the options for setting up the camera above.

    Then, I would like to establish the connection but not unsecured

  • Hi Ulf,

    I'm sorry for my drastic post, but it is annoying to see this same problems over the last years.

    I know that most of this Io(u)T don't support SFTP but as said, stop using FTPS especially if you don't know exactly what is going on. See also FTPS Firewall incompatibilities.

    If you really want to use it, check the packetfilter.log for dropped packets from your camera IP and fix/adapt you according NAT/Firewall-Rules. 

    bye Josef

    BERGMANN engineering & consulting GmbH, Wien/Austria