Well, I did encouter the same issues. But putting the Blackarmor into a DMZ/exposed host is not an option. I don´t know anything about the vulnerability of that system.

However I did manage to establish a passive connection (with no problems listing the directories) both from the internal and external network to the NAS sitting behind a firewall router:

As it seems Filezilla <-> Blackarmor are communicating next to the FTP-server-port within the port-range 5000-5100 - at least in my case.

(I used TCPView to look for additional port openings/requests when connecting with Filezilla from within the LAN to the Blackarmor dyndns adress back into my LAN).

After opening above port-range on my firewall-router, global FTP-connections are now possible ...

(additionally activiated in the Blackarmor-unit: DDNS and Upnp).

Don´t know if that is a good solution, but the Seagate documentation in this case is more than poor  ...

OK so I had a brief, albiet false, sense that the problem of the timing-out was due to my limited u/l bandwith and the RDT connection sending some huge packets to me at the same time that same PC was trying to U/L to the NAS.  So I disconnected the RDT and let it run all night.  Pretty much no changes.  Here is a bit more text if it helps at all:

Response:    150 Here comes the directory listing.
Response:    226 Directory send OK.
Command:    PORT 192,168,254,1,8,142
Response:    200 PORT command successful. Consider using PASV.
Command:    REST 2413945        <--- I put this line in red to show the command

Response:    350 Restart position accepted (2413945).   <---Yeah but it does not restart

Error:    Connection timed out
Status:    Connecting to XXX.XXX.XXX.74:21...
Status:    Connection established, waiting for welcome message...
Response:    220 vsFTPd 2.0.4+ (ext.3) ready...

Very interesting psirus,

You would think that Seagate would document that port range of 5000-5100 for the Passive range connection ports, but then again since they told me that this is a try at your own risk feature then I am not supprised that it is not well documented.  I will try to duplicate your results.

That is one of the things that I dont like about FTP service in general and that is openning up that large range of ports for Passive Mode.  When I saw that the BlackArmor had the ability for an HTTPS connection, that is one of the attractions of the unit, because only Port 443 needs to be open to connect for an encrypted connection.  But sadly it appears that HTTPS connection can only be used for server configuration, and not for file access.

I am not sure putting the NAS in the DMZ is the answer yet either until a full range of secuity tests can be made, but opening up all those ports is almost the same thing as putting the unit in the DMZ anyway.

I can tell you that I went to a pubic library with an un-secure connection to test the NAS FTP service, and when I arrived home I looked at the directories and found that someone had dropped 100's of GIF files in one of the directories in the short time I was connected.  NOT GOOD!

Hi drjeffapp

Yeah, first of all the remote desktop feature for windows has its own inherit problems for file transfers in general, and I had many frustraions when using that program in conjunction with file transfers, although it works well for controlling the remote computer.  That could be part of the problem, but I noticed you said you were getting a time-out doing the transfer under Active Mode. .

You might want to try switching to Passive Mode when doing your file transfers from remote locations.  I could not get full functionallity under Active Mode remotely.  Strange because Active Mode is the only way I was getting FTP service functionallity from the LAN.

For all you people out there that like connecting remotely to computers, and doing file transfers and such, when you can, try using Team Viewer instead of remote desktiop connection.  First of all it's free for non commercial users, its encrypted for security, and it is way more functional than remote desktop that is built into Windows.

I will be running tests this week for using the FTP service with SSL certificate for encrypted connections, and report shortly about the results.  I will run a battery of security tests after that to see how secure this unit is in the MAD world we live in.

**small update**

I am able to U/L up to 12 meg files with my current settings, not 10 as I had previously stated.  Anything larger times out every time.  Not that this makes a hoot of a difference.

Will try to fuss with the different modes tomorrow, thanks for the advice.

(and yeah, I could just slap the files on a jump drive and x-fer them once home, but that is not what I bought this device for)

This unit is very difficult to deal with the Private Share issues.  I can create a private share, go into Discovery and try to log onto it and it gives me this message. 

XXXXX is not accessable.  It give a long message about how multiple users cannot access the resourse and you have to disconnect all previous connections in order to access them under a different login.  What a pain.  The only way I can think of disconnecting is to reboot the system.  It's not enough to quit out of Explorer to access these other shares. 

If I am logged in as admin, then I have to go add admin to every private share in order to see it.  As an administrator, I like to go in and make sure I can log into the new share to test the new user name and password, but it wont let me.  I need to find a way to disconnect the connection to test the private share logins.

At least I finally figured out what is going on.  I wonder if this is part of the problem that people are having trying to configure these Nas's under Active Directory in a domain environment.

Well I was able to speak with a security CEH at one of the companies I deal with, and he advised me not to run my NAS FTP service in the DMZ right now until he has time to check it out.  Might be another week before he can run some tests on it and see if he can hack in to it.  I just got my SSL certificate from GoDaddy and am installing it now to see if I can at least have an encrypted connection with FTP.  I still have to figure out how to install it on this unit.  The NAS got hacked while I was at a libraies unsecure connection somehow while the NAS was in the DMZ.  I can only access files externally while the NAS is in the DMZ though.

Right now I am running Wing FTP Server on one of my machines with the NAS behind the firewall, and it performs flawlessly for file access on the NAS with HTTPS.  I only have to open up Port 443 (with encrypted connection) to access all of my files on the NAS securely with this software. I cannot believe the NAS internal software gives HTTPS access only for the FTP server config and not for file access.

Has anyone been able to access files on the NAS with internet explorer in any way with the NAS built in software?  Global Access works, but normal FTP software at least allows your access to files with IE in some way.

ftpdave,

First I would like to "Thank you" for all the work and posting you have done concerning the NAS FTP access issues, this is also going for all the help you have done concerning other posts and help to other NAS users. I have been following this thread since its conception.

I run Serv-U-FTP Server on another box with SSL and have had NO issues with either the intranet or internet access (all this behind the NAT and server firewall). One of the reasons of my purchase of the NAS 110 was to have the ability to transfer my files to the NAS and setup the FTP service of that device. Therefore eliminating the use of my Serv-U server.

Although I have updated the firmware of the NAS I see no changes. It seems that having a FTP on the LAN is somewhat redundant to accessing files since you can map drives, use the discovery access, network places within explorer, etc.. I just don't understand Seagate's philosophy on how this was supposed to work.

I would like to offer my help in any way I can to resolve the FTP issues of the NAS. I am no expert my any means, but I am willing to offer any assistance I can.

It's too bad that we have to resort to these options to solve issues with a Device that the manufacturer seems to have abandoned as "try at your own risk".