
geojay
Guide
Nov 07, 2020

Enabling external FTPS access to ReadyNAS 214

I'm trying to set up external FTPS access on my ReadyNAS 214. I've got it working locally, but when I try to expose it to the internet and access it via my external IP address, I get the following messages in FileZilla:

Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server address instead.

Command: MLSD
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing

I've set up port forwarding on my router for port 21, but looking at https://community.netgear.com/t5/Using-your-ReadyNAS-in-Business/FTP-Error/m-p/1581967#M146170, I see advice to "forward the full passive port range" on the router. Before I do this, I'd like to understand why this is required, whether there is any risk, whether I need to change any config on the NAS and what I need to do on the router?

Thanks

1 Reply

  • StephenB
    Guru - Experienced User

    geojay wrote:

    I'd like to understand why this is required, whether there is any risk, whether I need to change any config on the NAS and what I need to do on the router?

    FTP has a control port (21 by default) and passive ports for data transfer. So you do need to forward passive ports.

    The first thing is to figure out how many passive ports you need. I always recommend 4 passive ports per simultaneous user. So if you expect 3 simultaneous users, you'd need 12 passive ports.

    The recommended range for dynamic ports is 49152-65535, so (in this example) you'd need to pick 12 ports in this range. For instance, 54321 to 54332.

    Then you set the passive port range on the NAS to this range, and forward them in the router (as you did for port 21).

    As far as risk goes, you do want to be cautious when forwarding ports. In this case you are depending on the NAS to properly reject attempts to hack into the NAS using these ports. I think the risk is pretty low.

    You should set the NAS to require FTPS, and make sure you are using strong NAS passwords.
