FTP with SSL/TLS to QNAP NAS from AndFTP on Android

Not really enterprise IT but somebody might find this useful (including me in a few months if it breaks and I’ve forgotten what I did!)

So you have a QNAP TS series NAS (I have a TS239 Pro II + and very good it is too). You also have an Android phone. You think that it’d be pretty handy to be able to move stuff between the two, and would like to use a secured protocol.

If your NAS is not behind a NAT gateway then it’s easy. If it is then it’s still fairly easy, except that whilst the UPnP stuff on the NAS opens most of the ports you need, it does not open the passive FTP port range. So you need to go to your NAT gateway (possibly your modem/router) and manually add an entry for the range of ports and point them to the IP address of your NAS. If UPnP doesn’t work you also need to forward ports 21 and 22 to the NAS.

I have a Netgear cable modem/router from Virgin Media, and the place to go for the NAT table is Port Forwarding under Advanced. Up until this point you might have quite happily had your NAS running with a DHCP address with no problems (it can become a Master Browser so you can find/map drives to it by name on your home network), and UPnP has been taking care of the NAT port mappings automatically. A manual port forwarding entry points at a fixed IP address though, so the NAS now needs to keep the same one. All is not necessarily lost: the DHCP server (probably built into your router) might have the ability to use address reservations, which means that it will always hand out the same IP address to a device with a specific MAC address (i.e. the network card's unique identification number). On my Netgear router the stuff to do with DHCP is in the LAN IP section under Advanced.

So on the QNAP NAS I went into Network Services, FTP Service, and unticked FTP and ticked “FTP with SSL/TLS (Explicit)”. Port is left at 21 (default). I’m using the default Passive FTP port range of 55536 – 56559 and I have ticked the “Respond with external IP address for passive FTP connection request” but left the External IP Address box empty. This last step is important as otherwise your FTP client is told to connect to the internal IP address of the NAS rather than the external address of the NAT device (router). If you don’t tick it everything will work fine whilst you’re at home on your WiFi connection, but if you go elsewhere or switch to 3G (etc.) it’ll fail. Finally, within MyCloudNAS Service, Auto Router Configuration, I have ticked “FTP/FTPS with SSL/TLS Server” which sorts out the UPnP. Oh, and I’m obviously using MyCloudNAS for dynamic DNS so I can find the NAS over the internet if/when the IP address of the cable modem/router changes.
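As an added illustration (not part of the original post or of any QNAP/AndFTP code), the Python check below parses a server's 227 passive-mode reply and flags the two failure causes described above: an internal address handed to a client outside the LAN, and a data port outside the forwarded 55536 – 56559 range. The function names, sample replies and addresses are constructed for the example.

```python
import ipaddress
import re

# Passive port range configured on the NAS in this post (inclusive).
PASV_PORTS = range(55536, 56559 + 1)

# Addresses that are only reachable from inside the home network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

_PASV_FIELDS = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def parse_pasv(reply):
    """Return (IPv4Address, port) from a '227 ... (h1,h2,h3,h4,p1,p2)' reply."""
    reply = reply.strip()
    match = _PASV_FIELDS.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(f) for f in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in reply: %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]  # port is sent as two bytes
    return host, port


def check_pasv(reply, client_on_lan=False):
    """List the reasons the data connection would fail for this reply."""
    host, port = parse_pasv(reply)
    problems = []
    if not client_on_lan and any(host in net for net in INTERNAL_NETS):
        problems.append("server advertised internal address %s" % host)
    if port not in PASV_PORTS:
        problems.append("port %d is outside the forwarded range" % port)
    return problems


# Constructed sample replies (203.0.113.7 is a documentation address).
INTERNAL_REPLY = "227 Entering Passive Mode (192,168,0,10,216,240)"
EXTERNAL_REPLY = "227 Entering Passive Mode (203,0,113,7,217,5)"
BAD_PORT_REPLY = "227 Entering Passive Mode (203,0,113,7,4,1)"

if __name__ == "__main__":
    for sample in (INTERNAL_REPLY, EXTERNAL_REPLY, BAD_PORT_REPLY):
        print(sample, "->", check_pasv(sample) or "ok")
```

With explicit TLS the control channel is encrypted, so the router cannot see or rewrite the address in the 227 reply on the way out; the NAS itself has to advertise the external address.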

So on to AndFTP on the Android phone. Important settings are as follows:
Hostname: me.mycloudnas.com
Type: FTPS (Explicit FTP over TLS/SSL)
Port: 21
On the Advanced tab: Mode: Passive
Back on the General tab, I have ticked “Enable resume support” because I thought it seemed like a good idea, what with a phone being portable and thus likely to have its network connection drop out mid transfer. I’ve yet to test if it actually does anything useful though.

And then you click Connect, and it does, and gives you a list of the files/folder on your NAS and you’re happy.

Think that’s all I had to do, the important bits really are the NAT entries for the high ports and making sure the NAS FTP server responds with the external IP address. If you can’t get it working I might have left something out – let me know and we can compare configurations!


13 Responses to FTP with SSL/TLS to QNAP NAS from AndFTP on Android

  1. rcmtech says:

    Just discovered that following an update to AndFTP, you now also need to tick the “Legacy SSH” box on the Advanced page to make this work.


  2. Karox says:

    But – for me – it only works for the “admin” user id and no other. Pretty useless if you want to give access to other people to access *some* of your files rather than the whole system.


  3. Bob Cargill says:

    I have used this technique in the past, but I recently changed my server and it is running the 4.1.1 firmware. When I connect, I get a 425 error instead of a directory listing which seems to be related to TLS reuse on FTPS. There doesn’t seem to be an easy solution on the qnap side because there is no simple way to change proftpd.conf permanently. Has anyone found a solution or have the same problem?


    • rcmtech says:

      I get a 425 error too now:
      425 Unable to build data connection: Operation not permitted.
      I’ve been using ES File Explorer as a file manager and this also has an FTP client built in (plus SMB, plus you can run it as root which is handy). The ES File Explorer ftp connection works, so I’m using that for FTP to my QNAP now when I’m out and about. I use SMB when I’m at home on my own WiFi.


      • Bob Cargill says:

        I just tried ES File Explorer and it connects through FTPS over cellular (did not try on LAN), but it doesn’t list any files. It shows an empty screen with “Empty Folder” displayed in the middle. Similar to the AndFTP behavior (connects, but no file list). Are you using FTP or FTPS with ES File Explorer? I thought maybe I didn’t have the right permissions, but the QNAP shows my UID as having FTP application access.
        I used FileZilla (on my PC) to connect to the server via the WAN (from a different LAN) with no problem over FTPS and it gives me a directory listing.


      • rcmtech says:

        Yes, I’ve had the blank file list thing too, I find that they appear if you click the “refresh” icon at the bottom. Doesn’t seem consistent though, but it works for me.


  4. rcmtech says:

    Latest QNAP firmware states the following in the change log, I’ve not tested to see if it makes a difference yet though.
    QTS4.1.4 Build 0522
    [Bug fixes]
    Users are unable to retrieve a directory listing from the FTP Server with an FTP client.


  5. Jimny Cricket says:

    I am successful with AndFTP! SO, I am trying to have success on a computer by using Cute FTP and FileZilla or any FTP application to make FTP connection but I can’t – Please help


    • rcmtech says:

      With Filezilla I’m using the following:
      Port: 8021
      Protocol: FTP
      Encryption: Require explicit FTP over TLS
      Server type: Default (Autodetect)
      Transfer mode: Passive
      Charset: Autodetect

      For info, I’m now using ES File Manager for FTP instead of AndFTP due to issues writing to the external SD card and directory listings being a bit flaky.


      • Jimny Cricket says:

        RCMTECH – That didn’t work for me still. It’s a shame that I can’t get FTP going when I get a good connection on AndFTP app.


  6. Amos Folarin says:

    We were missing one important config and that was really helpful!
    (works fine for Filezilla and my QNAP behind the institutional firewall)

