Unable to connect through Firewall

BenLindsay
Guest

Afternoon, I've searched the forums for a solution to my problem and have had no success.

I'm unable to connect to my FTP server externally. If I'm inside the network, everything works fine and I'm able to connect to the server, and if I don't use any TLS/SSL (externally) this also works, but as soon as I switch to Implicit I get the following error:

. 2019-12-06 15:04:53.013 Connecting to *IP Address* ...
. 2019-12-06 15:04:53.075 Connected with *IP Address*, negotiating TLS connection...
. 2019-12-06 15:04:53.122 TLS connect: error in SSLv2/v3 read server hello A
. 2019-12-06 15:04:53.122 Can't establish TLS connection
. 2019-12-06 15:04:53.122 Disconnected from server

I have set up a rule on the firewall to forward ports 20, 21, 22, 989, 990. (The control ports were previously open but I've shut those - clutching at straws.)

I have tried passive and active modes (makes no difference) as well as using Explicit TLS/SSL (this just times out).

Any help or ideas would be greatly appreciated!

BenLindsay
Guest

989 was another clutching at straws; I just opened it because it's 1 less than 990.
I have tried FileZilla and FTPTest.net, both of which time out when using Explicit TLS/SSL.
I have since reopened the Data ports on the firewall but this has not helped.
I have previously read that article but was unable to find anything that seemed to relate to my issue.

Thank you for your reply!

BenLindsay
Guest

Just realised that I've attached the log for Explicit rather than Implicit, but either way neither option works.

benlindsay
Guest

I've noticed through Wireshark that when the TLS negotiation begins from inside the domain I get FTP Request, FTP Response and then all is well. From outside the Firewall I get FTP Request, TCP ACK.

So my assumption is that the request I'm sending is being interfered with when it enters my network and therefore the FTP server can't send an appropriate response.

Anyone seen anything like this before?

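An added diagnostic, not part of the original thread: a small probe for explicit FTPS that reports whether the plaintext `AUTH TLS` request on the control port gets an FTP reply at all, which is the difference the Wireshark comparison above describes. It assumes explicit FTPS on port 21; the function names and result strings are hypothetical.

```python
import socket
import sys


def read_reply(f):
    """Read one FTP reply, including multi-line ("220-...") replies; return its code."""
    first = f.readline()
    if not first:
        raise ConnectionError("control connection closed")
    code, line = first[:3], first
    if first[3:4] == b"-":
        # A multi-line reply ends with a line that starts with "<code> ".
        while not line.startswith(code + b" "):
            line = f.readline()
            if not line:
                raise ConnectionError("control connection closed")
    return int(code)


def probe_auth_tls(host, port=21, timeout=5.0):
    """Classify how far an explicit-FTPS handshake gets before TLS starts."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp_connect_failed"
    with sock, sock.makefile("rb") as f:
        try:
            read_reply(f)                      # server greeting (normally 220)
        except (socket.timeout, ConnectionError, ValueError):
            return "no_banner"
        try:
            sock.sendall(b"AUTH TLS\r\n")      # plaintext request that starts explicit TLS
            code = read_reply(f)
        except socket.timeout:
            # Request sent, but no FTP reply arrived within the timeout.
            return "auth_tls_no_reply"
        except (ConnectionError, ValueError):
            return "auth_tls_connection_dropped"
        return "auth_tls_accepted" if code == 234 else f"auth_tls_rejected_{code}"


if __name__ == "__main__":
    # Usage: python probe.py <host> [port]; run once inside and once outside the firewall.
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 21
    print(probe_auth_tls(target, port))
```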

martin
Site Admin

Please consider moving your question to a more appropriate site, like Super User.
This is not really a WinSCP problem.
Post a link here if you do.
