
Please consider moving your question to a more appropriate site, like Super User.
This is not really a WinSCP problem.
Post a link here if you do.

I've noticed through Wireshark that when the TLS negotiation begins from inside the domain I get FTP Request, FTP Response and then all is well. From outside the Firewall I get FTP Request, TCP ACK.

So my assumption is that the request I'm sending is being interfered with when it enters my network and therefore the FTP server can't send an appropriate response.

Anyone seen anything like this before?
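An added diagnostic sketch, not part of any post in this thread and not WinSCP code: it repeats the explicit-mode exchange the post above describes (banner, then `AUTH TLS`) on the control connection and reports the stage at which the exchange stops, so the result can be compared from inside and outside the firewall. The function names and result strings are assumptions made for this example.

```python
import socket

def read_reply(reader):
    """Return the code of the next FTP reply, skipping 'ddd-' continuation lines."""
    while True:
        line = reader.readline()
        if not line:
            raise ConnectionError("control connection closed by peer")
        if line[:3].isdigit() and line[3:4] == b" ":
            return int(line[:3])

def probe_auth_tls(sock, timeout=5.0):
    """Classify how far an explicit-FTPS negotiation gets on a connected socket."""
    sock.settimeout(timeout)
    reader = sock.makefile("rb")
    try:
        banner = read_reply(reader)
    except socket.timeout:
        return "no-banner"
    except ConnectionError:
        return "closed-before-banner"
    if banner != 220:
        return f"banner-{banner}"
    try:
        sock.sendall(b"AUTH TLS\r\n")
        code = read_reply(reader)
    except socket.timeout:
        # The request left the client but no FTP reply came back: the
        # "FTP Request, TCP ACK" pattern described in the post above.
        return "auth-tls-unanswered"
    except ConnectionError:
        return "closed-after-auth-tls"
    # 234 means the server agreed to start the TLS handshake (RFC 4217).
    return "auth-tls-accepted" if code == 234 else f"auth-tls-refused-{code}"

def probe_host(host, port=21, timeout=5.0):
    """Run the probe against a server; host and port are supplied by the caller."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe_auth_tls(sock, timeout)
```

Getting `auth-tls-accepted` from inside the network and `auth-tls-unanswered` from outside would match the Wireshark observation above. The probe covers explicit mode only; on an implicit port the server expects a TLS handshake before any FTP text.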

Just realised that I've attached the log for Explicit rather than Implicit, but either way neither option works.

989 was another clutching at straws, just opened it because it's 1 less than 990.
I have tried FileZilla and, both of which time out when using Explicit TLS/SSL.
I have since reopened the Data ports on the firewall but this has not helped.
I have previously read that article but was unable to find anything that seemed to relate to my issue.

Thank you for your reply!

Re: Unable to connect through Firewall

What is 989? Is that a data port? (Do you have data ports opened?)
Did you read this?
Does any other FTP client work? Can you post a complete log file?

Unable to connect through Firewall

Afternoon, I've searched the forums for a solution to my problem and have had no success.

I'm unable to connect to my FTP server externally. If I'm inside the network everything works fine and I'm able to connect to the server, and if I don't use any TLS/SSL (externally) this also works, but as soon as I switch to Implicit I get the following error:

. 2019-12-06 15:04:53.013 Connecting to *IP Address* ...
. 2019-12-06 15:04:53.075 Connected with *IP Address*, negotiating TLS connection...
. 2019-12-06 15:04:53.122 TLS connect: error in SSLv2/v3 read server hello A
. 2019-12-06 15:04:53.122 Can't establish TLS connection
. 2019-12-06 15:04:53.122 Disconnected from server

I have set up a rule on the firewall to forward ports 20, 21, 22, 989, 990. (The control ports were previously open but I've shut those - clutching at straws.)

I have tried passive and active modes (makes no difference) as well as using Explicit TLS/SSL (this just times out).

Any help or ideas would be greatly appreciated!