Error 425 Can´t open data connection

[Micai]

I know there are some other threads about this error but none of them describes exactly my situation.

I have four computers on a network:

• - A W2k3 32 bits computer with a NAT configured using RRAS (let´s call it NAT)
  - A Windows XP computer (let´s call it A)
  - A W2k3 64 bits server (let´s call it B)
  - A W2k3 32 bits server (let´s call it C)

The NAT computer forwards the connections comming from an external IP X, ports 80 and 443 to server B.
The NAT also forwards the connections comming from an external IP Y, ports 80 and 443 to server C.

I have this 425 error after the LIST command when I try to connect to a certain FTP Server using ONLY server B. The client is correctly configured to use passive mode.

The firewalls on all these machines are turned off. The NAT machine use the basic firewall of the RRAS. All the threee machines use the NAT as the default gateway.

Follows the log for the converstation obtained with Network Monitor

2 0.000000 NetworkInfoEx NetworkInfoEx: Network info for MEDIADNASRV3, Network Adapter Count = 1
3 5.031250 192.168.2.33 200.XXX.YYY.ZZ TCP TCP: Flags=.S......, SrcPort=4675, DstPort=FTP control(21), Len=0, Seq=4012585495, Ack=0, Win=65535 (scale factor not found)
4 5.031250 200.XXX.YYY.ZZ 192.168.2.33 TCP TCP: Flags=.S..A..., SrcPort=FTP control(21), DstPort=4675, Len=0, Seq=1703559577, Ack=4012585496, Win=16384 (scale factor not found)
5 5.031250 192.168.2.33 200.XXX.YYY.ZZ TCP TCP: Flags=....A..., SrcPort=4675, DstPort=FTP control(21), Len=0, Seq=4012585496, Ack=1703559578, Win=65535 (scale factor not found)
6 5.453125 200.XXX.YYY.ZZ 192.168.2.33 FTP FTP: Response to Port 4675, '220 Microsoft FTP Service'
7 5.453125 192.168.2.33 200.XXX.YYY.ZZ FTP FTP: Request from Port 4675,'USER xxxxxx'
8 5.593750 200.XXX.YYY.ZZ 192.168.2.33 FTP FTP: Response to Port 4675, '331 Password required for xxxxxx.'
9 5.593750 192.168.2.33 200.XXX.YYY.ZZ FTP FTP: Request from Port 4675,'PASS yyyyyyyy'
10 5.687500 200.XXX.YYY.ZZ 192.168.2.33 FTP FTP: Response to Port 4675, '230 User xxxxxx logged in.'
11 5.687500 192.168.2.33 200.XXX.YYY.ZZ FTP FTP: Request from Port 4675, 'SYST'
12 5.765625 200.XXX.YYY.ZZ 192.168.2.33 FTP FTP: Response to Port 4675, '215 Windows_NT'
13 5.765625 192.168.2.33 200.XXX.YYY.ZZ FTP FTP: Request from Port 4675, 'FEAT'
14 5.796875 200.XXX.YYY.ZZ 192.168.2.33 FTP FTP: Response to Port 4675, '211 -FEAT'
15 6.015625 192.168.2.33 200.XXX.YYY.ZZ TCP TCP: Flags=....A..., SrcPort=4675, DstPort=FTP control(21), Len=0, Seq=4012585540, Ack=1703559696, Win=65417 (scale factor not found)
16 6.015625 200.XXX.YYY.ZZ 192.168.2.33 FTP FTP: Response to Port 4675,'211 END'
17 6.015625 192.168.2.33 200.XXX.YYY.ZZ FTP FTP: Request from Port 4675,'CWD /ftpexibidoras'
18 6.062500 200.XXX.YYY.ZZ 192.168.2.33 FTP FTP: Response to Port 4675, '250 CWD command successful.'
19 6.062500 192.168.2.33 200.XXX.YYY.ZZ FTP FTP: Request from Port 4675,'PWD'
20 6.109375 200.XXX.YYY.ZZ 192.168.2.33 FTP FTP: Response to Port 4675, '257 "/ftpexibidoras" is current directory.'
21 6.109375 192.168.2.33 200.XXX.YYY.ZZ FTP FTP: Request from Port 4675,'TYPE I'
22 6.171875 200.XXX.YYY.ZZ 192.168.2.33 FTP FTP: Response to Port 4675, '200 Type set to I.'
23 6.171875 192.168.2.33 200.XXX.YYY.ZZ FTP FTP: Request from Port 4675, 'PASV'
24 6.234375 200.XXX.YYY.ZZ 192.168.2.33 FTP FTP: Response to Port 4675, '227 Entering Passive Mode (200.XXX.YYY.ZZ,6,254).'
25 6.234375 192.168.2.33 200.XXX.YYY.ZZ FTP FTP: Request from Port 4675, 'LIST'
26 6.234375 192.168.2.33 200.XXX.YYY.ZZ TCP TCP: Flags=.S......, SrcPort=4676, DstPort=1790, Len=0, Seq=257555777, Ack=0, Win=65535 (scale factor not found)
27 6.375000 200.XXX.YYY.ZZ 192.168.2.33 TCP TCP: Flags=....A..., SrcPort=FTP control(21), DstPort=4675, Len=0, Seq=1703559868, Ack=4012585585, Win=17431 (scale factor not found)
28 9.296875 192.168.2.33 200.XXX.YYY.ZZ TCP TCP: Flags=.S......, SrcPort=4676, DstPort=1790, Len=0, Seq=257555777, Ack=0, Win=65535 (scale factor not found)
29 15.312500 192.168.2.33 200.XXX.YYY.ZZ TCP TCP: Flags=.S......, SrcPort=4676, DstPort=1790, Len=0, Seq=257555777, Ack=0, Win=65535 (scale factor not found)
30 18.562500 200.XXX.YYY.ZZ 192.168.2.33 FTP FTP: Response to Port 4675, '425 Can't open data connection.'
31 18.703125 192.168.2.33 200.XXX.YYY.ZZ TCP TCP: Flags=....A..., SrcPort=4675, DstPort=FTP control(21), Len=0, Seq=4012585585, Ack=1703559901, Win=65212 (scale factor not found)


Thanks!

Fabio.

[botg]

Check both the client and the server log. If the reply to the PASV command is different between client and server, you got a malicious router or firewall that actively sabotages the connection.

[Micai]

I don´t have access to the server... My problem is that all other machines behind the same gateway can connect to the server using FileZilla or IE7 or a custom client that I developed. These other machines always connect but the server B never connects. So, I dont´t believe there´s a router or a firewall tampering my messages, otherwise none of them would be able to connect.

None of them have any 3rd party firewall, just the windows firewall turned off.

[francisco]

I think your problem is with the router.
Log into it and see the range of ports forwarding you have selected.
The client chooces the ports to connect, if the server side does not have the requested port available, you will have a conection problem.
The ports are randomly, you have to select a range of (i.e, 50000 - 51000) just like it is in the "Network Configuration Guide"


Francsico

[Micai]

Actually, in passive mode it´s the server who chooses the port.

I´ve just solved my problem. I turned off the "Application Layer Gateway" service of the NAT server. I still don´t know why it worked on a machine behind this NAT and it didn´t work on another machine also behind the same NAT...

Wel... I hope this information is usefull to anyone else.

Thanks!