FTPS failed with port 990

Get help for specific problems
Posts: 2
Joined: 25 Jul 2019

ck9900

is freefilesync ftps only use port 21?
cause i able to connect my ftps with port 990, but when using freefilesync, it only work on port 21.
i use port 990, it have error.
"Cannot determine final path for "ftp://192.168.x.x/~".
CURLE_OPERATION_TIMEDOUT: Connection timed out after 15000 milliseconds [curl_easy_perform]"

** url suppose ftps://192.168.x.x, not ftp://192.168.x.x
------------------------------
my setting: (version 10.7/10.14)
server: 192.168.x.x
port: 990
explicit: on

when i click on browse, it come out above error.
while, if i set the freefilesync and FTPS server both port to 21, then it work normal.
-----------------------------
connect from ftp client, both port 21 and 990 is working.
but freefilesync only able to use 21, seem like port field is not working.

Thanks
User avatar
Site Admin
Posts: 7040
Joined: 9 Dec 2007

Zenju

Have you set encryption to "Explicit SSL/TLS" in FreeFileSync?
Posts: 2
Joined: 25 Jul 2019

ck9900

yes.
explicit: on
Posts: 8
Joined: 4 Sep 2019

simo

I'm having this problem too. Port 990 apparently needs "implicit" and not "explicit".
Posts: 4
Joined: 13 Apr 2021

jjosemar

Recently implicit FTPS through port 990 has regained popularity, at least in my area, as ISPs started to block port 21 by default.
They say it can be used for unencrypted communication (i.e. plain-text FTP), and therefore they're blocking it for everyone in order to mitigate the security risk, unless you pay for a static IP address.

I would like to join the other users in this thread (and also here) for the request for implicit FTP support in FreeFileSync.
It will be much appreciated

Thank you!
Last edited by jjosemar on 13 Apr 2021, 17:57, edited 1 time in total.
Posts: 8
Joined: 4 Sep 2019

simo

Recently implicit FTP through port 990 has regained popularity, at least in my area, as ISPs started to block port 21 by default.
They say it can be used for unencrypted communication (i.e. plain-text FTP), and therefore they're blocking it for everyone in order to mitigate the security risk, unless you pay for a static IP address.

I would like to join the other users in this thread (and also here) for the request for implicit FTP support in FreeFileSync.
It will be much appreciated

Thank you! jjosemar, 13 Apr 2021, 11:44
Suggested workaround: forward public port port 990 to internal port 21. It's the only way I could get FFS to work.
Posts: 4
Joined: 13 Apr 2021

jjosemar

Hi simo,

Thanks for the workaround suggestion. Won't that be problematic for other programs in my computer which rely on implicit FTPS through port 990?
Posts: 8
Joined: 4 Sep 2019

simo

Hi simo,

Thanks for the workaround suggestion. Won't that be problematic for other programs in my computer which rely on implicit FTPS through port 990? jjosemar, 13 Apr 2021, 17:57
You can also define a custom port, if you're already using port 990 for its intended use.
Posts: 4
Joined: 13 Apr 2021

jjosemar

Recently implicit FTP through port 990 has regained popularity, at least in my area, as ISPs started to block port 21 by default.
They say it can be used for unencrypted communication (i.e. plain-text FTP), and therefore they're blocking it for everyone in order to mitigate the security risk, unless you pay for a static IP address.

I would like to join the other users in this thread (and also here) for the request for implicit FTP support in FreeFileSync.
It will be much appreciated

Thank you! jjosemar, 13 Apr 2021, 11:44
Suggested workaround: forward public port port 990 to internal port 21. It's the only way I could get FFS to work. simo, 13 Apr 2021, 11:51

Hi simo,

I would appreciate it if you share how exactly you did the workaround on your computer, because I'm still struggling with this problem. Was it through Command prompt, Control panel, etc..?
Posts: 8
Joined: 4 Sep 2019

simo


Suggested workaround: forward public port port 990 to internal port 21. It's the only way I could get FFS to work. simo, 13 Apr 2021, 11:51

Hi simo,

I would appreciate it if you share how exactly you did the workaround on your computer, because I'm still struggling with this problem. Was it through Command prompt, Control panel, etc..? jjosemar, 03 Sep 2021, 07:09
You must do it on the router settings. Usually, when you open a port, it asks which port and local IP to forward it to.

In my case, my local IP is 192.168.1.2, so I configured the router to open port 990 and forward it to IP 192.168.1.2 port 21.
Posts: 4
Joined: 13 Apr 2021

jjosemar


Suggested workaround: forward public port port 990 to internal port 21. It's the only way I could get FFS to work. simo, 13 Apr 2021, 11:51

Hi simo,

I would appreciate it if you share how exactly you did the workaround on your computer, because I'm still struggling with this problem. Was it through Command prompt, Control panel, etc..? jjosemar, 03 Sep 2021, 07:09
You must do it on the router settings. Usually, when you open a port, it asks which port and local IP to forward it to.

In my case, my local IP is 192.168.1.2, so I configured the router to open port 990 and forward it to IP 192.168.1.2 port 21. simo, 03 Sep 2021, 07:57

I tried that but it didn't work.

I'm starting to think it's not really a ports related issue, because as far as I know, various commands take place in secured ftp that are not used in plain text ftp (like negotiating the encryption, etc).
Therefore I think it's something only the developer of FreeFileSync can solve.
Posts: 8
Joined: 4 Sep 2019

simo

I'll try and explain in greater detail the workaround.
First, you need to know the local IP address of your FTP server, e.g. 192.168.1.2
Go to your router page, e.g. http://192.168.1.1, and set up port forward for TCP, external port 990, to local IP 192.168.1.2 local port 21. You can also use a different port from 990.
Then, you also need to open ports for passive mode. These have to match up with your FTP server config. For example, on Filezilla Server, you go to Server Settings -> Passive Mode -> Custom ports (e.g. 60100 to 60200) and also check Retrieve external IP. More info: https://wiki.filezilla-project.org/FTP_over_TLS

So, your standard port 21 can be reached via the internet at another port (e.g. 990). It must be set up as explicit FTPS.
It would be easier if FFS supported correctly implicit FTPS on port 990.

If you still have trouble, try pasting your FTP server log (just open Filezilla Server Interface as you try to connect with your client) or also check if your ports are open at https://www.yougetsignal.com/tools/open-ports/
User avatar
Site Admin
Posts: 7040
Joined: 9 Dec 2007

Zenju

Not sure if it's worth to add support for implicit FTPS as it seems to be considered deprecated: https://datatracker.ietf.org/doc/html/draft-murray-auth-ftp-ssl-07#appendix-A