FTP
Viktor, 2021-06-03 16:59:49

FTP over TLS not working, why?

Excuse me, please share your experience of setting up FTP.
There is a local PC 10.0.0.115 and an external static IP.
I installed FileZilla Server, registered an external IP and a port range of 5000-5050 as per tutorials on the network, and created a user with all rights and a password in Latin characters.
In Ideco, I forwarded the ports like this: (external IP):21 to 10.0.0.115:21, and the second from 10.0.0.115:21 just to port 21 on the network.
In the firewall, on the server and on the client, I opened the ports and allowed the program access to the network. (I also tried turning it off completely.)
Everything works if you try to connect purely via FTP (the program says it is not safe).
But if I enable TLS and create a certificate, I can't connect in any way.
Connection log without TLS:
(000005)06/03/2021 16:40:47 - (not logged in) (85.140.11.166)> Connected on port 21, sending welcome message...
(000005)06/03/2021 16:40:47 - (not logged in) (85.140.11.166)> 220-FileZilla Server 0.9.60 beta
(000005)06/03/2021 16:40:47 - (not logged in) (85.140.11.166)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000005)06/03/2021 16:40:47 - (not logged in) (85.140.11.166)> 220 Please visit https://filezilla-project.org/
(000005)06/03/2021 16:40:47 - (not logged in) (85.140.11.166)> AUTH TLS
(000005)06/03/2021 16:40:47 - (not logged in) (85.140.11.166)> 502 Explicit TLS authentication not allowed
(000005)06/03/2021 16:40:47 - (not logged in) (85.140.11.166)> AUTH SSL
(000005)06/03/2021 16:40:47 - (not logged in) (85.140.11.166)> 502 Explicit TLS authentication not allowed
(000005)06/03/2021 16:40:47 - (not logged in) (85.140.11.166)> USER user
(000005)06/03/2021 16:40:47 - (not logged in) (85.140.11.166)> 331 Password required for user
(000005)06/03/2021 16:40:47 - (not logged in) (85.140.11.166)> PASS ******
(000005)06/03/2021 16:40:47 - user (85.140.11.166)> 230 Logged on
(000005)06/03/2021 16:40:47 - user (85.140.11.166)> PWD
(000005)06/03/2021 16:40:47 - user (85.140.11.166)> 257 "/" is current directory.
(000005)06/03/2021 16:40:52 - user (85.140.11.166)> CWD /Test
(000005)06/03/2021 16:40:52 - user (85.140.11.166)> 250 CWD successful. "/Test" is current directory.
(000005)06/03/2021 16:40:52 - user (85.140.11.166)> PWD
(000005)06/03/2021 16:40:52 - user (85.140.11.166)> 257 "/Test" is current directory.
(000005)06/03/2021 16:40:52 - user (85.140.11.166)> TYPE I
(000005)06/03/2021 16:40:52 - user (85.140.11.166)> 200 Type set to I
(000005)06/03/2021 16:40:53 - user (85.140.11.166)> PORT 85,140,11,166,183,160
(000005)06/03/2021 16:40:53 - user (85.140.11.166)> 200 Port command successful
(000005)06/03/2021 16:40:53 - user (85.140.11.166)> MLSD
(000005)06/03/2021 16:40:53 - user (85.140.11.166)> 150 Opening data channel for directory listing of "/Test"
(000005)06/03/2021 16:40:53 - user (85.140.11.166)> 226 Successfully transferred "/Test"
(000005)06/03/2021 16:40:55 - user (85.140.11.166)> CWD /Test/New directory
(000005)06/03/2021 16:40:55 - user (85.140.11.166)> 250 CWD successful. "/Test/New directory" is current directory.
(000005)06/03/2021 16:40:55 - user (85.140.11.166)> PWD
(000005)06/03/2021 16:40:55 - user (85.140.11.166)> 257 "/Test/New directory" is current directory.
With TLS:
(000012)06/03/2021 17:02:50 - (not logged in) (85.140.11.166)> Connected on port 21, sending welcome message...
(000012)06/03/2021 17:02:50 - (not logged in) (85.140.11.166)> 220-FileZilla Server 0.9.60 beta
(000012)06/03/2021 17:02:50 - (not logged in) (85.140.11.166)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000012)06/03/2021 17:02:50 - (not logged in) (85.140.11.166)> 220 Please visit https://filezilla-project.org/
(000012)06/03/2021 17:02:51 - (not logged in) (85.140.11.166)> AUTH TLS
(000012)06/03/2021 17:02:51 - (not logged in) (85.140.11.166)> 234 Using authentication type TLS
(000012)06/03/2021 17:02:51 - (not logged in) (85.140.11.166)> TLS connection established
(000012)06/03/2021 17:02:51 - (not logged in) (85.140.11.166)> USER user
(000012)06/03/2021 17:02:51 - (not logged in) (85.140.11.166)> 331 Password required for user
(000012)06/03/2021 17:02:51 - (not logged in) (85.140.11.166)> PASS ******
(000012)06/03/2021 17:02:51 - user (85.140.11.166)> 230 Logged on
(000012)06/03/2021 17:02:51 - user (85.140.11.166)> PBSZ 0
(000012)06/03/2021 17:02:51 - user (85.140.11.166)> 200 PBSZ=0
(000012)06/03/2021 17:02:51 - user (85.140.11.166)> PROT P
(000012)06/03/2021 17:02:51 - user (85.140.11.166)> 200 Protection level set to P
(000012)06/03/2021 17:02:51 - user (85.140.11.166)> PWD
(000012)06/03/2021 17:02:51 - user (85.140.11.166)> 257 "/" is current directory.
(000012)06/03/2021 17:02:51 - user (85.140.11.166)> TYPE I
(000012)06/03/2021 17:02:51 - user (85.140.11.166)> 200 Type set to I
(000012)06/03/2021 17:02:51 - user (85.140.11.166)> PORT 192,168,43,41,192,131
(000012)06/03/2021 17:02:51 - user (85.140.11.166)> 200 Port command successful
(000012)06/03/2021 17:02:51 - user (85.140.11.166)> MLSD
(000012)06/03/2021 17:02:51 - user (85.140.11.166)> 150 Opening data channel for directory listing of "/"
(000012)06/03/2021 17:03:02 - user (85.140.11.166)> 425 Can't open data connection for transfer of "/"
I see that it is now trying to connect not to my phone's IP 85.140.11.166:183,160 but to the local IP of the laptop to which I distribute the Internet, 192.168.43.41:192,131.
QUESTION:
1. How was it even possible to connect without TLS from Explorer or a browser (I remind you that I did not succeed), and how safe is it?
2. What else needs to be done so that the directories are displayed through TLS?


1 answer(s)
ComodoHacker, 2021-06-03
@ComodoHacker

Turn on passive mode.
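
The two PORT commands in the question's logs show why the listing fails with 425: in active mode the client tells the server which address to connect back to, and in the TLS session it advertised a private address. The following is an added example, not part of the original thread; the function names and the embedded sample lines are constructed from the log format quoted in the question. It decodes each PORT argument and compares it with the peer address the server actually saw.

```python
import ipaddress
import re

# Constructed sample: lines in the FileZilla Server log format quoted in the question.
SAMPLE_LOG = """\
(000005)06/03/2021 16:40:53 - user (85.140.11.166)> PORT 85,140,11,166,183,160
(000005)06/03/2021 16:40:53 - user (85.140.11.166)> 226 Successfully transferred "/Test"
(000012)06/03/2021 17:02:51 - user (85.140.11.166)> PORT 192,168,43,41,192,131
(000012)06/03/2021 17:03:02 - user (85.140.11.166)> 425 Can't open data connection for transfer of "/"
"""

LINE_RE = re.compile(r"^\((\d+)\).*?\((\d{1,3}(?:\.\d{1,3}){3})\)>\s*(.*)$")
PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})$")


def decode_port(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port); port = p1 * 256 + p2."""
    nums = [int(n) for n in arg.split(",")]
    if len(nums) != 6 or any(n > 255 for n in nums):
        raise ValueError("malformed PORT argument: " + arg)
    return ipaddress.ip_address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]


def check_port_commands(log_text):
    """Return one finding per PORT command, comparing advertised and observed addresses."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        session, peer, message = m.group(1), ipaddress.ip_address(m.group(2)), m.group(3)
        pm = PORT_RE.match(message.strip())
        if not pm:
            continue
        ip, port = decode_port(pm.group(1))
        if ip == peer:
            verdict = "ok"
        elif ip.is_private:
            verdict = "private address behind NAT: server cannot connect back"
        else:
            verdict = "address differs from control-connection peer"
        findings.append({"session": session, "peer": str(peer),
                         "advertised": f"{ip}:{port}", "verdict": verdict})
    return findings


if __name__ == "__main__":
    for finding in check_port_commands(SAMPLE_LOG):
        print(finding)
```

With TLS the control channel is encrypted, so NAT devices on the path cannot rewrite the PORT argument the way they can for plain FTP. Passive mode avoids the server-to-client data connection entirely.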
