Page 1 of 3

425 Can't Open Data Connection

Posted: 2012-05-24 17:20
by jkemper08
Okay so I've setup a server on Windows 7 with DynDNS. So far I've configured DynDNS properly and set the settings in the firewall to allow connections inbound and outbound on port 21. But still I get this error.....
425 Can't open data connection.
Failed to retrieve directory listing.
It tells me that the user is logged in appropriately but it is not dropping them into there home folder or allowing them to connect/transfer any data etc. I've set both server/client to use passive mode, and I'm fairly sure the firewall is configured correctly as well, so now I'm pulling my hair out, any help would be appreciated.

Re: 425 Can't Open Data Connection

Posted: 2012-05-24 21:26
by boco
So far I've configured DynDNS properly and set the settings in the firewall to allow connections inbound and outbound on port 21. But still I get this error.....

Code: Select all

425 Can't open data connection.
Failed to retrieve directory listing.
Yes, of course, because the listings and transfers do NOT use port 21. In the screenshot, the port offered was 49389 (192*256+237). So, in addition to the listening port, you need to define, open and forward a range of ports for Passive data connections (minimum recommended 100 ports). Please refer to the Network Configuration guide for details. Besides, in case you are behind a router and test from your own LAN, use the private LAN IP to connect.

Re: 425 Can't Open Data Connection

Posted: 2012-08-13 20:57
by fredcrys
HI,

I also have the problem with the 425 error code. The sever is behind a router (D-link DIR-825) which I have forwarded port 21 to the IP of the server in the network. When i try to connect with my filezilla client from another computer behind a router using the server's Global IP, where server is, I am able to log in and when is about to list the directory list, it shows me the 425 connection error code. I tried to use Active and passive mode and get the same response. In the other hand if I connect with my Air Card using active mode, I go straight through with no problem. I have Changed the port numbers from a different range but no luck. Is there a final port configuration that I can use in this case for the Client, server and router?

This is a dirty sketch of the topology:
IP of the server after the router 192.xxx.xxx.xxx:21
My PC ---> router--->Internet---->router---->server
Global IP of the server: xxx.xxx.xxx.xxx:21


Any help will be greatly appreciated.

Re: 425 Can't Open Data Connection

Posted: 2012-08-13 22:06
by boco
Same solution. Define, open and forward a range of ports for Passive data transfers at the server side (for Active, on the client side). Please read Network Configuration.

Re: 425 Can't Open Data Connection

Posted: 2012-08-14 04:09
by fredcrys
Thank you for the quick reply, but....

I already setup the filezilla server according to the Network configuration page for passive connections, specified ports 50000 to 51000 and entered he global IP address in filezilla server, add exeptions in the firewall. I have a D-link DIR-825 and this one have two sections: one is virtual server tab and the other is port forwarding tab.

In the Virtual server settings i have:
- name of server
- local IP address
- TCP = 21
- UDP = 21
- schedule = always
- allow
With this configuration I am able to connect locally.

In the port forwarding tab:
- name of server
- local IP Address
- TCP = (50000-51000)
- UDP = (50000-51000)
- schedule = always
- allow

I am able to connect through Remote Desktop to my server giving it a TCP=3389 in the virtual server tab, but when I made that change in the port forwarding tab I lost connection with the remote desktop and now I am not able to make any connection what so ever with the filezilla client.

If you are so kind to provide me with an example of "Define, open and forward a range of ports".

I think I made things worst.

Re: 425 Can't Open Data Connection

Posted: 2012-08-14 06:12
by botg
If you have a choice between port forwarding and virtual server, always use the former. Note that FTP only uses TCP, forwarding UDP is not needed.

Re: 425 Can't Open Data Connection

Posted: 2012-08-14 11:54
by boco
I already setup the filezilla server according to the Network configuration page for passive connections, specified ports 50000 to 51000 and entered he global IP address in filezilla server, add exeptions in the firewall.
You did not mention that in your post.

FileZilla Server requires forwarding TCP ports, the listening one (default 21 but can be changed) and data ports for Passive connections.

Define - You must enter the range into FZ Server's Passive settings so it knows which ones it can offer in the Passive reply.
Open - Local firewalls often like to block the Passive ports despite the application service itself being allowed. Reason is unknown, but then you need to open these ports separately.
Forward - You did that in the router already. Please use static forwarding and not Port Triggering/Virtual Server.

I am able to connect through Remote Desktop to my server giving it a TCP=3389 in the virtual server tab, but when I made that change in the port forwarding tab I lost connection with the remote desktop and now I am not able to make any connection what so ever with the filezilla client.
The Virtual Server may do further things you may not notice. The RDP feature may benefit from that, but FTP traffic has to pass largely unfiltered, it is very fragile in this regard.

Re: 425 Can't Open Data Connection

Posted: 2013-10-28 15:51
by feonix83
I also ran into this error when Windows Firewall on 2008 R1 was not allowing FileZilla as a program, but FTP ports on their own. I allowed the program and could then get the directory listing.

Re: 425 Can't Open Data Connection

Posted: 2014-07-08 19:19
by Ronski
I've been struggling to get my server and client to talk to each other.

I've installed FileZilla Server V 0.9.45 beta onto my WHS2011
I've configured passive ports 50000 to 50050
I've created inbound and outbound rules in the firewall for TCP on these ports
I've created inbound and outbound rules for port 21
I've created inbound and outbound rules for FileZilla Server.exe

I've forwarded the appropriate TCP ports as above to my server in my router (Netgear DGND3700)

I've got my laptop running from wi-fi hot spot on phone, so it's external to my network the server is on.

When I connect I get the following on the server.

(000007)08/07/2014 19:55:29 - (not logged in) (188.29.x.x)> Connected, sending welcome message...
(000007)08/07/2014 19:55:29 - (not logged in) (188.29.x.x)> 220-FileZilla Server version 0.9.45 beta
(000007)08/07/2014 19:55:29 - (not logged in) (188.29.x.x)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)
(000007)08/07/2014 19:55:29 - (not logged in) (188.29.x.x)> 220 Please visit http://sourceforge.net/projects/filezilla/
(000007)08/07/2014 19:55:29 - (not logged in) (188.29.x.x)> USER FredBloggs
(000007)08/07/2014 19:55:29 - (not logged in) (188.29.x.x)> 331 Password required for FredBloggs
(000007)08/07/2014 19:55:29 - (not logged in) (188.29.x.x)> PASS ***********
(000007)08/07/2014 19:55:29 - FredBloggs(188.29.x.x)> 230 Logged on
(000007)08/07/2014 19:55:30 - FredBloggs(188.29.x.x)> PWD
(000007)08/07/2014 19:55:30 - FredBloggs(188.29.x.x)> 257 "/" is current directory.
(000007)08/07/2014 19:55:30 - FredBloggs(188.29.x.x)> TYPE I
(000007)08/07/2014 19:55:30 - FredBloggs(188.29.x.x)> 200 Type set to I
(000007)08/07/2014 19:55:30 - FredBloggs(188.29.x.x)> PASV
(000007)08/07/2014 19:55:30 - FredBloggs(188.29.x.x)> 227 Entering Passive Mode (x,x,x,x,195,85)
(000007)08/07/2014 19:55:30 - FredBloggs(188.29.x.x)> MLSD
(000007)08/07/2014 19:55:40 - FredBloggs(188.29.x.x)> 425 Can't open data connection for transfer of "/"
(000007)08/07/2014 19:57:41 - FredBloggs(188.29.x.x)> 421 Connection timed out.

Now on my client all appears the same except the line highlighted in red, where the port is 195,96 (50016) on my server it is 195,85 (50005), surely they should be the same?

I originally started with a higher port range, but I noticed the client always had ports around 50000, so I tried setting the 50000 to 50050 range, but it made no difference.

Any suggestions as to why this is not working/happening, I've looked through my router but can't seem to find anything thats causing this, even tried turning off NAT filtering, but it made no difference.

Edit:

I noticed each time the client tried to connect it would increment the port by one, so I altered the port range in the server to match the next increment (50018) and it connected, obvioulsy this won't work long term but it does prove what the problem is.
Now it's just the why?

Edit:

Just changed the port range to start at 50025 and it seems to be working as it should, very strange????

Re: 425 Can't Open Data Connection

Posted: 2014-07-09 10:07
by botg
If the reply to the PASV command differs between client and server, then some firewall or NAT router is actively sabotaging the connection.

Re: 425 Can't Open Data Connection

Posted: 2014-07-09 22:07
by Ronski
Thanks for the reply,unfortunately it's doing it again (which I expected). Googling suggests similar problems for others with my router.

The good news is active seems to work OK, hopefully the one and only other user who needs access can use active OK as well.

Re: 425 Can't Open Data Connection

Posted: 2014-08-01 12:56
by paulobergo
Dear Friend...

I don't know if this can helps you...

To solve my -same- issue, the solution applied to my Huawei EchoLife Home Gateway HG521 was create an entry on Port Triggering.

So, my router has six rules on Port Mapping:

Mapping Name - Interface - Protocol - Remote Host - External Start Port - External end Port - Internal Port - Internal Host - Enable
WebFTP2100 - nas_0_33 _ TCP/UDP - (empty) - 2100 - 2100 - 2100 - 192.168.0.111 - Enable
WebFTP2100 - nas_0_33 _ TCP/UDP - (empty) - 2101 - 2101 - 2101 - 192.168.0.111 - Enable
WebFTP2100 - nas_0_33 _ TCP/UDP - (empty) - 2102 - 2102 - 2102 - 192.168.0.111 - Enable
WebFTP2100 - nas_0_33 _ TCP/UDP - (empty) - 2103 - 2103 - 2103 - 192.168.0.111 - Enable
WebFTP2100 - nas_0_33 _ TCP/UDP - (empty) - 2104 - 2104 - 2104 - 192.168.0.111 - Enable
WebFTP2100 - nas_0_33 _ TCP/UDP - (empty) - 2105 - 2105 - 2105 - 192.168.0.111 - Enable

And one rule on Port Triggering:
Trigger Name - Interface - Trigger Protocol - Trigger Start Port - Trigger End Port - Open Start Port - Open End Port - Enable
WebFTP - nas_0_33 - TCP - 2100 - 2105 - 2100 - 2105 - Enable

After doing that, the server works fine...

Re: 425 Can't Open Data Connection

Posted: 2014-09-08 12:00
by Nicofromlyon
Hi everyone!

Exactly the same problem:

I have in my company a RICOH device, and I want to scan from this device to a remote FTP FileZilla server.

This remote FTP FileZilla server is hosted on a 2012R2 VM in a Datacenter.

I have in this Datacenter 1 main IP that is used by my master CISCO router and several IP's for several customers.

So when I want to scan, I enter with the dedicated customer's public IP.

BUT when I go from the customer's VM on www.example.org for example, that's the router's IP that is displayed and not the customer's one.

So, I have created some NAT redirections : TCP 20 and 21 for the customer's public IP and when I try to scan, the authentication is OK but the document does not manage to transfer :

"ERROR 425 CAN'T OPEN DATA CONNECTION FOR TRANSFER OF..."

Any idea ?

Re: 425 Can't Open Data Connection

Posted: 2014-09-08 14:31
by Nicofromlyon
Here is a screen capture...

Re: 425 Can't Open Data Connection

Posted: 2014-09-08 18:46
by Ronski
I'm a right noob when it comes to FTP, but port 20 and 21 is only used for setting up the connection, the actual data is transmitted over different ports.

If you take the last two numbers from the port line, then they can be used to calculate the port in use, in your example 255 x 256 + 237 = 65517.

You should have matching port numbers in the server logs and the agent logs, if not something is altering them (my router in my case), or you may need to forward the entire port range (specified in the FTP server) to your FTP server.

Hope the above is correct and of some help.