SFTP connection blocked by Fritzbox router

For a couple of weeks now, I haven’t been able to access my friend’s SFTP server from home. Using Wireshark, I can see my connection attempt leaves my computer, but no response comes back (see also the FileZilla logs below).

Trace:  CControlSocket::ResetOperation(66)
Trace:  CControlSocket::ResetOperation(66)
Trace:  CControlSocket::SendNextCommand()
Trace:  CSftpConnectOpData::Send() in state 0
Status: Connecting to XXXX:YYYY...
Trace:  Going to execute /usr/bin/fzsftp
Response:   fzSftp started, protocol_version=11
Trace:  CSftpConnectOpData::ParseResponse() in state 0
Trace:  CControlSocket::SendNextCommand()
Trace:  CSftpConnectOpData::Send() in state 3
Command:    open "ZZZZ@XXXX" YYYY
Trace:  Looking up host "XXXX" for SSH connection
Trace:  Connecting to XXXX port YYYY
Trace:  We claim version: SSH-2.0-FileZilla_3.66.5
Error:  Connection timed out after 20 seconds of inactivity
Trace:  CControlSocket::ResetOperation(2114)
Trace:  CSftpConnectOpData::Reset(2114) in state 3
Error:  Could not connect to server

The connection works fine when I use a different router, tether via my phone, or set my device as an “exposed host” on my (Fritzbox 7530AX) router. So I am pretty sure that my router is causing the problem (maybe a firmware update broke it?!).

Upon further investigation with Wireshark under these working scenarios, I noticed that the server’s response comes back on a different (seemingly random within a range) port than my initial request. I don’t want to forward all ports in this range due to potential security risks.

So, my questions are:

  1. How can I fix this issue without exposing a large range of ports or reverting to an older router firmware?
  2. More generally, how is it possible for the SFTP response to arrive on a different port than the request, and what does the router need to do for this to work? Are my working methods just forwarding all traffic? This does not seem right, but if not, how are the server responses being passed through to my PC?

Any help understanding both the router/networking side and possible Fritzbox solutions would be appreciated!
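
An added diagnostic example, not part of the original post: it reports how far a single TCP attempt to the SSH/SFTP port gets and which local source port the OS chose, so the result can be compared with the Wireshark capture and the FileZilla timeout above. The names `probe_ssh` and `start_test_listener` are hypothetical, and the loopback listener and its banner are constructed for the demonstration.

```python
import socket
import threading

def probe_ssh(host, port, timeout=5.0):
    """Return (stage, local_port, banner) for one TCP attempt to an SSH port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("syn_timeout", None, None)  # handshake never answered
    except ConnectionRefusedError:
        return ("refused", None, None)      # RST came back: path works, port closed
    except OSError:
        return ("error", None, None)        # DNS failure, no route, ...
    with sock:
        # Ephemeral source port picked by the OS; replies on this connection
        # are addressed to it, so it can be matched against a packet capture.
        local_port = sock.getsockname()[1]
        try:
            data = sock.recv(255)           # SSH servers send their ID line first
        except socket.timeout:
            return ("no_banner", local_port, None)
        except OSError:
            return ("closed", local_port, None)
    if not data:
        return ("closed", local_port, None)
    line = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return ("banner" if line.startswith("SSH-") else "not_ssh", local_port, line)

def start_test_listener(banner):
    """Constructed loopback stand-in for a server; banner=None stays silent."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        if banner is not None:
            conn.sendall(banner)
        threading.Event().wait(1.0)         # keep the connection open briefly
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    demo_port = start_test_listener(b"SSH-2.0-ConstructedServer_1.0\r\n")
    print(probe_ssh("127.0.0.1", demo_port))
```

A `syn_timeout` result means no reply to the TCP handshake reached the client at all, while `no_banner` means the handshake completed but the server's identification line never arrived.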