FTPES not working outbound

  • I have a basic setup with only one WAN and just the default firewall rules.
    I can connect to ordinary anonymous FTP servers and download files just perfect. But when I try to connect to an FTPES (FTP over explicit TLS/SSL) server I get a timeout:
    This is the output from FileZilla, I get the same result with SmartFTP.

    12:23:19 Status: Resolving IP-Address for xx.xx
    12:23:19 Status: Connecting to xx.yy.zz.ww:21…
    12:23:19 Status: Connection established, waiting for welcome message...
    12:23:19 Response: 220 Welcome to xx
    12:23:19 Command: AUTH TLS
    12:23:19 Response: 234 Proceed with negotiation.
    12:23:19 Status: Initializing TLS...
    12:23:19 Command: USER xxx
    12:23:40 Error: Connection timed out

    BTW SCP to the same server works just fine.
    And this works fine behind my old crappy ZyXEL router.
    Hope anyone has any suggestions.


  • Bumping issue…
    Does anyone have a suggestion?

  • I don't have an answer but have near the same problem.

    I can use a Winders XP box set up for ICS running Blackice Defender and connect to encrypted ftps no problem but pfSense will NOT allow me to connect to two of the three I usually visit? Here is the FileZilla log from one of those.

    Status: Connecting to .***.***.
    Status: Connected with ***.***.***.***, negotiating SSL connection...
    Response: 220 Serv-U FTP Server v6.2 for WinSock ready...
    Command: AUTH SSL
    Response: 234 AUTH command OK. Initializing SSL connection.
    Error: Timeout detected!
    Error: Unable to connect!

    Seems that pfSense is blocking the return command port or something like that as secure ftps use two ports. One for data and the other for commands.

    FTP helper is enabled on mine so that doesn't help?

    So is there any work around for this problem?
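
An added triage example, not part of any post in this thread: the Python below reads a FileZilla-style client log and reports which FTPES stage had been reached when the first Error line appears, which separates a stall on the control connection after the 234 reply from a failure while setting up the data connection. The function name `failure_stage` and the stage labels are made up for this example; the sample log is taken from the first post.

```python
import re

# Constructed sample: lines from the client log in the first post.
SAMPLE_LOG = """\
12:23:19 Status: Connection established, waiting for welcome message...
12:23:19 Response: 220 Welcome to xx
12:23:19 Command: AUTH TLS
12:23:19 Response: 234 Proceed with negotiation.
12:23:19 Status: Initializing TLS...
12:23:19 Command: USER xxx
12:23:40 Error: Connection timed out
"""

# Optional HH:MM:SS prefix, then the line kind FileZilla prints, then its text.
LINE = re.compile(r"^(?:\d\d:\d\d:\d\d\s+)?(Status|Command|Response|Error):\s*(.*)$")
DATA_SETUP = {"PASV", "EPSV", "PORT", "EPRT"}  # commands that negotiate the data port


def failure_stage(log_text):
    """Return the stage reached when the first Error line appears, else None."""
    stage, pending = "tcp-connect", None  # pending = verb of the last command sent
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, text = m.groups()
        if kind == "Command":
            words = text.split()
            pending = words[0].upper() if words else None
            if pending in DATA_SETUP:
                stage = "data-channel-setup"
        elif kind == "Response":
            code = text[:3]
            if code == "220" and stage == "tcp-connect":
                stage = "greeting-received"
            elif code == "234" and pending == "AUTH":
                # Server agreed to TLS; the handshake on port 21 comes next.
                stage = "control-tls-handshake"
            elif pending in ("USER", "PASS") and stage == "control-tls-handshake":
                # A reply to a command sent after AUTH means the encrypted
                # control channel is carrying traffic.
                stage = "encrypted-control-ok"
            elif code in ("125", "150"):
                stage = "data-transfer"
        elif kind == "Error":
            return stage
    return None


if __name__ == "__main__":
    print(failure_stage(SAMPLE_LOG))
```

Both logs posted in this thread come out as `control-tls-handshake`: neither client had sent PASV or PORT when the timeout hit, so no data connection had been attempted yet.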
