Post subject: Filezilla - Failed to retrieve directory listing

FTP as a protocol is a bit of an odd duck. It uses two TCP connections, rather than just the one most protocols use. You have port 21, the command and login connection, and a second connection, the data connection.

With passive FTP the second connection is to a randomly assigned available TCP port above 1024.

Your problems seem to indicate you don't have that second port open in your firewall.

Normally with a reasonably intelligent firewall that second port is opened automatically. Since FTP is a clear text protocol, your firewall can scan the traffic on the command connection on port 21. It will recognise the PASV port that will be assigned and open up the firewall dynamically and allow traffic between that particular client and the PASV port used in that session.

Since you rightfully use TLS encryption that doesn't work. With FTPS the firewall can't snoop on the COMMAND channel any more.

Solution: Fix the PASV port(-range):

One solution is to configure your FTP server to use a small range of ports, or just a single port, and create a firewall rule to open those ports. That is explained in the FileZilla documentation:

General settings ==> Passive Mode Settings ==> Custom port range

https://wiki.filezilla-project.org/File:Settings_passivemode_FZServer.png

And then open that port range in your firewall.

In addition, if you're behind a NAT router, you have a second issue, namely that the PASV response not only includes the port number, but also the IP address of the FTP server.

If you would still be using FTP in clear text then a NAT router would normally be able to rewrite that internal IP-address response with the correct external IP-address.

Again because you use FTP over TLS that doesn't work anymore.

Fortunately FileZilla also has a solution for that: it can correct for that and advertise the external/public IP address rather than the actual (internal) IP address.