How To Set Up FileZilla FTPS Server Behind NAT in Passive Mode

This guide assumes you have a static public IP, NAT router, Windows, and FileZilla Server installed.

  • Log on to the FileZilla Server Interface.
  • Open Settings from the Edit menu.
  • Press Passive Mode Settings.
  • Check Use custom port range and specify 980-989.
  • Press Use the following IP and type the server’s public IP into the textbox.
  • Go to SSL/TLS Setttings.
  • Check Enable FTP over SSL/TLS support (FTPS).
  • Generate a certificate or import one.
  • Check Disallow plain uncencrypted FTP. (paranoia)
  • Forward incoming tcp ports 980-990 on your router to the local IP of the server.
    980-989 for data, 990 for control.
  • Start Windows Firewall with Advanced Security. (habit)
  • Click Inbound Rules and Select New Rule.
  • Select Program and click Next.
  • Select This program path and click Browse.
  • Add FileZilla Server.exe and click Next. (%ProgramFiles% (x86)\FileZilla Server\FileZilla server.exe in my case)
  • Select Allow the Connection and click Next.
  • Check all profiles and click Next.
  • Enter a rule name such as “FileZilla Server FTPS Server” and click Finish.

Assuming you’ve created an account properly, you are now ready to *securely connect to the server from the internet.

* You will need a domain name to point to the public IP and a certificate to match the domain name. I won’t go into details about SSL security in this post.

This entry was posted in Security. Bookmark the permalink.

26 Responses to How To Set Up FileZilla FTPS Server Behind NAT in Passive Mode

  1. common says:

    It’s actually a nice and useful piece of info. I am satisfied that you simply
    shared this helpful info with us. Please stay
    us up to date like this. Thank you for sharing.

  2. Jose says:

    That’s not a SFTP, it’s a FTPS (FTP over SSL).
    SFTP goes over SSH.

  3. Pingback: Sftp Server On Windows | Home

  4. 産廃 says:

    Hello there, I do believe your web site may be having web browser compatibility problems.
    When I take a look at your website in Safari, it looks fine
    however, when opening in I.E., it’s got some overlapping issues.
    I simply wanted to give you a quick heads up!
    Apart from that, excellent blog!

  5. Hi there it’s me, I am also visiting this website regularly, this web site is
    genuinely fastidious and the people are in fact sharing nice thoughts.

  6. What’s up, I check your blog like every week. Your writing style is witty, keep it up!

  7. aforismi says:

    Hey una mіa amica mi ha inviato l’indirizzo dі questo sіto e
    sono passata a vedere ѕe veramеnte merita. Mi piace enormemеnte.
    L’ho messo tra i preferiti. Stupendo blog e template spettacolare.

  8. gofsey says:

    Thanks for sharing this information. I am a newbie and I am trying to get things going. : — )

  9. kittu says:

    Nice info Thank you soooo much

  10. Dogi says:

    I can access to my FTP server inside the local network but cant access from outside even if i did everyting accept turning off all the firewalls.Help pls?

  11. Pachinko says:

    We’re a gaggle of volunteers and starting a brand new scheme in our community.
    Your web site provided us with useful information to work on.
    You have done an impressive activity and our whole group will be
    thankful to you.

  12. John Langston says:

    i cant get to the options, they’re all greyed out

  13. Thank you but… I get this message from Filezilla: “You appear to be behind a NAT router. Please configure the passive mode settings and forward a range of ports in your router.
    Warning: FTP over TLS is not enabled, users cannot securely log in.” How can I get into the “settings” if I cannot open the interface?

  14. Jitu Mehra says:

    you r awesome man

  15. nicky zogg says:

    I am dumb my brother is dumber, we need somebody to make youtube vid for this stuff, pretty pleeze.

  16. nicky zogg says:

    now online ftp tester says … “Your server is working but entered address does not resolve to IPv6 address ?

  17. of course like your web site however you have to check the
    spelling on quite a few of your posts. A number of them are rife
    with spelling problems and I find it very troublesome to tell the truth then again I’ll surely come again again.

  18. clark white says:

    awesome blog..thank you..totally helped me. one question: when i log ino the ftp server it says unknown cert do you trust server etc..etc…which is totally fine with me but, i using this for some devices to do daily backups and i dont think they will get past that by themselves of course, do you have any recommendations on that? they are local devices to the ftp server computer,

  19. BobH says:

    I’m pretty close. I’m getting connected but am not getting a directory listing … any ideas? Bob

    Response: 425 Can’t open data connection for transfer of “/”
    Error: Failed to retrieve directory listing

    • BobH says:

      FileZilla Server says

      (000023)11/19/2017 13:33:50 PM – (not logged in) (192.168.X.Y)> TLS connection established
      (000022)11/19/2017 13:34:01 PM – bhawk (192.168.X.Y> 425 Can’t open data connection for transfer of “/”

  20. Edwin says:

    Why is the port range 980-989

  21. Web Site says:

    Quality posts is the key to attract the viewers to go to
    see the website, that’s what this web site is providing.

  22. gui du uc re says:

    Hi there to all, because I am in fact eager of reading
    this weblog’s post to be updated regularly. It carries nice data.

  23. This post is worth everyone’s attention. When can I find out more?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s