FTP over SSL/TLS (implicit with encryption) with zFTPserver
First, the firewall or router needs to be configured. Remember that when using encrypted FTP, all passive ports have to be redirected, because the firewall cannot read the encrypted control channel to open them on demand.
This example is from a Cisco ASA:
access-list allow_inbound extended permit tcp any interface outside eq ftp
access-list allow_inbound extended permit tcp any interface outside eq 2950
access-list allow_inbound extended permit tcp any interface outside eq 2951
access-list allow_inbound extended permit tcp any interface outside eq 2952
etc.
static (inside,outside) tcp interface ftp 192.168.1.2 ftp netmask 255.255.255.255
static (inside,outside) tcp interface 2950 192.168.1.2 2950 netmask 255.255.255.255
static (inside,outside) tcp interface 2951 192.168.1.2 2951 netmask 255.255.255.255
static (inside,outside) tcp interface 2952 192.168.1.2 2952 netmask 255.255.255.255
static (inside,outside) tcp interface 2953 192.168.1.2 2953 netmask 255.255.255.255
etc.
Configuration on the FTP server:
General tab:
Specify address for passive mode: enter your public IP
Specify port range for passive mode: enter 2950 to 3000
SSL/TLS tab:
Create a certificate.
Enable secure FTP through implicit SSL/TLS and, when using SSL/TLS, only allow secure data transfers.
That’s it!
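Because the control channel is encrypted, the ASA cannot see which passive port the server announces, so every port in the range needs both an inbound permit and a static translation to the same port on the server. The following added example (not part of the original post) generates those rules for the full range and audits an existing rule set for gaps. The function names and the sample config are constructed for illustration, and the regexes assume the pre-8.3 ASA syntax shown above.

```python
import re

# Rule shapes as written on this page (pre-8.3 ASA syntax).
ACL_RE = re.compile(r"^access-list \S+ extended permit tcp any interface outside eq (\d+)\b")
STATIC_RE = re.compile(r"^static \(inside,outside\) tcp interface (\d+) (\S+) (\d+)\b")

def render_rules(server_ip, first_port, last_port, acl="allow_inbound"):
    """Emit one permit and one 1:1 static per passive port (what the 'etc.' stands for)."""
    ports = range(first_port, last_port + 1)
    lines = [f"access-list {acl} extended permit tcp any interface outside eq {p}" for p in ports]
    lines += [f"static (inside,outside) tcp interface {p} {server_ip} {p} netmask 255.255.255.255"
              for p in ports]
    return "\n".join(lines)

def audit_passive_forwarding(config, server_ip, first_port, last_port):
    """Return findings in port order; an empty list means every passive port is
    permitted inbound and forwarded to the same port on the FTP server."""
    permitted, forwards = set(), {}  # forwards: outside port -> (inside ip, inside port)
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            permitted.add(int(m.group(1)))
        elif m := STATIC_RE.match(line):
            forwards[int(m.group(1))] = (m.group(2), int(m.group(3)))
    findings = []
    for port in range(first_port, last_port + 1):
        if port not in permitted:
            findings.append(f"{port}: no inbound permit")
        target = forwards.get(port)
        if target is None:
            findings.append(f"{port}: no static translation")
        elif target != (server_ip, port):
            findings.append(f"{port}: forwarded to {target[0]}:{target[1]}, expected {server_ip}:{port}")
    return findings

# Constructed sample with three deliberate mistakes (not a real device's config).
SAMPLE = """\
access-list allow_inbound extended permit tcp any interface outside eq 2950
access-list allow_inbound extended permit tcp any interface outside eq 2951
access-list allow_inbound extended permit tcp any interface outside eq 2952
static (inside,outside) tcp interface 2950 192.168.1.2 2950 netmask 255.255.255.255
static (inside,outside) tcp interface 2961 192.168.1.2 2951 netmask 255.255.255.255
static (inside,outside) tcp interface 2952 192.168.1.2 2953 netmask 255.255.255.255
"""

if __name__ == "__main__":
    for finding in audit_passive_forwarding(SAMPLE, "192.168.1.2", 2950, 2953):
        print(finding)
```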