By default, ClearOS with the FTP Server app from the marketplace is already running in secure mode for FTP over TLS. This guide will help you implement it in that mode and it is considered best practices to run FTP with security as both the content and the username/password are transmitted over the internet in plain text.
Make sure that the FTP Server is installed and running. Also, make sure to install the Flexshare app.
Add Firewall Rule. Choose the 'Standard Service' type labeled 'FTPS'. this will open two ports (989 and 990).
In addition to this, you will likely need to add passive FTP ports so that you can connect to the FTP server in a more dynamic way which is more amenable to modern firewalls. This is a service on the Incoming Firewall rules list.
Be sure to remove the default port 20 and 21 ports for non-secure if you are trying to enforce secure only FTP.
Go through the normal procedures of setting up a group that will have rights to an FTP Share and a user that is a member of that group. In this demonstration, the user is called 'guestftp' and the group is called 'fs-ftpshare'. Next, create a flexshare share for this group. In the example, I call it ftpshare. Make the group have access to this share.
The heavy lifting is configuring your FTP client to work with TLS on port 990. While there are many FTP clients, we will show and example of how to configure Filezilla for use with ClearOS FTP/S. You can apply the logic here to your own client software or simply download Filezilla using the link at the bottom of this howto.
The fastest way to get connected is to normally use the Quickconnect feature. This will not work however because ClearOS uses a robust structure in order to be able to support private flexshares and home directories. You will need to make a manual connection instead of using Quickconnect. Quickconnect will connect but will fail to list the directories. This is by design. Click the site manager in the upper left hand corner:
Supply the following information:
In the Advanced section, supply the following:
You will be prompted to accept a certificate. You can tick the checkbox to remember this certificate so that it doesn't prompt you again.
At this point you should be connected and be able to see the contents of your Flexshare.
Because of the way that FTP works, you should be able to separate whether your problem is happening on the command channel or the data channel.
Things to check if the connection is failing: