SFTP problem:421 Rejected command, requested IP address does not match control connection IP

Posted: 2016-01-20 07:47
by BitaNet
(000377)20/01/2016 09:20:37 - (not logged in) (62.XX.XX.XX)> USER user
(000377)20/01/2016 09:20:37 - (not logged in) (62.XX.XX.XX)> 331 Password required for user
(000377)20/01/2016 09:20:37 - (not logged in) (62.XX.XX.XX)> PASS *******
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 230 Logged on
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> SYST
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 215 UNIX emulated by FileZilla
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> FEAT
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 211-Features:
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> MDTM
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> REST STREAM
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> SIZE
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> MLST type*;size*;modify*;
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> MLSD
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> AUTH SSL
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> AUTH TLS
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> PROT
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> PBSZ
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> UTF8
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> CLNT
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> MFMT
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> EPSV
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> EPRT
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 211 End
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> PBSZ 0
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 200 PBSZ=0
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> PROT P
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 200 Protection level set to P
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> CLNT Total Commander (UTF-8)
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 200 Don't care
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> OPTS UTF8 ON
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 202 UTF8 mode is always enabled. No need to send this command.
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> PWD
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> 257 "/" is current directory.
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> TYPE A
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> 200 Type set to A
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> PORT 192,XX,XX,XX,240,140
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> 421 Rejected command, requested IP address does not match control connection IP.

FileZilla Server 0.9.54 beta

Why is the server trying to connect to my internal IP address?

Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP

Posted: 2016-01-20 08:21
by botg
Note that you are using FTP over TLS (FTPS), not SFTP (SSH File Transfer Protocol). These are two completely different protocols that have absolutely nothing in common if you look past the similar name and purpose.
Why is the server trying to connect to my internal IP address?
It isn't. Your client is telling your server to connect to the client's internal IP address, which the server rejects due to it being impossible.

Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP

Posted: 2016-01-20 08:23
by BitaNet
How do I prevent my client from telling my server to connect to the client's internal IP address?

Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP

Posted: 2016-01-20 08:54
by botg
Probably by configuring it correctly. I'm not familiar with your particular client.

Please carefully study the Network Configuration guide. While it has been written for FileZilla and FileZilla Server, the general concepts it talks about are valid for all FTP products.

Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP

Posted: 2016-01-20 09:20
by boco
Tell your client to use Passive Mode. Provided the FileZilla Server is configured correctly, that's a much better choice.

Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP

Posted: 2018-09-13 13:43
by STICK_82
Morning, I am having a similar issue.
I get the following error:

user (96.1.X.X) 227 entering passive mode (192.168.X.X,239.65)
user (96.1.X.X) PORT 207.x.x.x, 221,62
user (96.1.X.X) 421 Rejected command, requested IP address does not match control connection IP

This has been running fine for 6 weeks, then I get this error all of a sudden.

Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP

Posted: 2018-09-14 21:02
by boco
The server doesn't tell the client its public IP address, only the private-range LAN one (incorrect configuration). Since connecting to that address is impossible, client falls back to Active Mode (PORT). As the client isn't configured correctly, either, the connection fails.

Please read Network Configuration and configure the server properly.

Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP

Posted: 2018-10-29 15:06
by jfletch
Me, too.

I read the Network Configuration document and I still can't tell what I am doing wrong. CyberDuck connects and works perfectly on passive mode. Attempting to connect with cURL, though, connects, authenticates, switches directory successfully and then fails with this:

bind(port=0) on non-local address failed: Can't assign requested address
EPRT |1|0.0.8.174|52354|
421 Rejected command, requested IP address does not match control connection IP.
We got a 421 - timeout!

Suggestions?

TIA!

Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP

Posted: 2018-10-29 15:50
by botg
jfletch wrote:
2018-10-29 15:06
EPRT |1|0.0.8.174|52354|
That simply cannot work, 0.0.8.174 is a special purpose address only valid as source address, but the server needs to act upon the EPRT command, using the obtained IP as destination address.
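
Added example, not part of the original thread and not FileZilla Server's own code: a small Python model of the check behind the 421 reply, decoding the address and port from a PORT or EPRT command and comparing the address with the control connection's peer IP. The control IP 203.0.113.10 and the LAN address 192.168.1.20 are constructed sample values; the port bytes 240,140 and the EPRT line are the ones quoted in the posts above.

```python
import ipaddress

THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")  # valid only as a source address

def parse_data_target(command):
    """Decode the (ip, port) a client requests in a PORT or EPRT command."""
    verb, _, arg = command.strip().partition(" ")
    if verb.upper() == "PORT":
        # PORT h1,h2,h3,h4,p1,p2  ->  port = p1 * 256 + p2
        nums = [int(n) for n in arg.split(",")]
        if len(nums) != 6 or not all(0 <= n <= 255 for n in nums):
            raise ValueError("malformed PORT argument")
        ip = ipaddress.ip_address(".".join(map(str, nums[:4])))
        return ip, nums[4] * 256 + nums[5]
    if verb.upper() == "EPRT":
        # EPRT <d>proto<d>addr<d>port<d>, where <d> is usually "|"
        fields = arg.split(arg[0]) if arg else []
        if len(fields) != 5:
            raise ValueError("malformed EPRT argument")
        return ipaddress.ip_address(fields[2]), int(fields[3])
    raise ValueError("not an active-mode command")

def check_active_request(command, control_ip):
    """Model of the server-side rule: the data target must be the control peer."""
    ip, port = parse_data_target(command)
    result = {"accepted": False, "ip": str(ip), "port": port}
    if ip == ipaddress.ip_address(control_ip):
        result.update(accepted=True, why="matches control connection IP")
    elif ip in THIS_NETWORK:
        result["why"] = "0.0.0.0/8 address, not usable as a destination"
    elif ip.is_private:
        result["why"] = "private-range address announced from behind NAT"
    else:
        result["why"] = "different host than the control connection peer"
    return result

if __name__ == "__main__":
    control = "203.0.113.10"  # constructed: public IP the server sees
    samples = [
        "PORT 192,168,1,20,240,140",  # constructed LAN address, port bytes from the log
        "EPRT |1|0.0.8.174|52354|",   # as quoted in the thread
        "PORT 203,0,113,10,221,62",   # constructed: client announces its public IP
    ]
    for line in samples:
        r = check_active_request(line, control)
        reply = "accepted" if r["accepted"] else "421 rejected"
        print(f"{line:<28} -> {r['ip']}:{r['port']}  {reply} ({r['why']})")
```
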

Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP

Posted: 2018-10-29 16:14
by jfletch
So, where did that address come from?

Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP

Posted: 2018-10-29 16:44
by botg
jfletch wrote:
2018-10-29 16:14
So, where did that address come from?
Attempting to connect with cURL, though, connects, authenticates, switches directory successfully and then fails with this:

Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP

Posted: 2018-10-29 17:03
by jfletch
So are you saying that the IP address can be specified through a cURL option? Should I send an address for it to work? I am not currently specifying anything. I don't recognize that address and I have no idea where it came from.

I don't have access to the FileZilla server, but should I tell the client's IT person who set it up to change a setting in FileZilla? What would that be?

Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP

Posted: 2018-10-29 19:21
by jfletch
I don't understand what you mean by your last reply, Tim. Can you elaborate?

Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP

Posted: 2018-10-29 23:29
by botg
Two things here:

I hope it can be specified in curl, otherwise using active mode FTP with curl would be completely impossible if the client is behind a NAT router.

The other thing is, why does it pick up this exotic special purpose address? I've never seen this address family being used before. Two possible reasons for this: A bug in curl, or a malicious firewall tampering with network traffic.

Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP

Posted: 2018-10-30 00:30
by jfletch
The other thing is, why does it pick up this exotic special purpose address? I've never seen this address family being used before. Two possible reasons for this: A bug in cURL, or a malicious firewall tampering with network traffic.
Your guesses look better than mine. I'm going to go with the firewall issue.

So, is that supposed to be MY IP address in that spot?

Also, you said "active mode." I am able to connect with another FTP client in passive mode, so I was assuming it was passive. Does that sound right to you?

If I used the FileZilla client are there features that can help me troubleshoot this situation?