421 Could not create socket

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
emrrfc
500 Command not understood
Posts: 2
Joined: 2018-09-24 15:37
First name: Robert
Last name: Chapie

421 Could not create socket

#1 Post by emrrfc » 2018-09-24 16:06

Hello,

We are experiencing occasional 421 Could not create socket notices. This is causing some of our ftp jobs to fail and need to be resent. We are a low volume user, around 40 logins daily transferring 5 files. The files vary in size from 500K to 15-20 meg. The connections are spaced out through the day so they don't all hit at once. We are using the current version 0.9.60.2. We are using passive mode without specifying a port range since everything is internal, no external connections to the internet, everything is open. Here is a sample of what we are seeing. I have changed the login and ip address. When the PASV command is issued is the could not create socket coming from my FTP server or the client? Should I define a port range for Filezilla to use?


(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> 230 Logged on
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> CWD \
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> 250 CWD successful. "/" is current directory.
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> TYPE I
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> 200 Type set to I
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> PASV
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> 421 Could not create socket.
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> QUIT
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> 221 Goodbye
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> disconnected.

Thanks

Rob

User avatar
boco
Contributor
Posts: 24153
Joined: 2006-05-01 03:28
Location: Germany

Re: 421 Could not create socket

#2 Post by boco » 2018-09-24 17:30

We are using passive mode without specifying a port range since everything is internal, no external connections to the internet, everything is open.
Consider limiting the Passive range to 49152-65535, even if it is internal. The reason is that only the mentioned range is most probably unused (meant for temporary, ephemeral usage). All lower ports might at least be occupied partially by other services. When FileZilla tries to create a passive socket on such an occupied or blocked port, the result is the error 421 as you experienced.

Things to consider:
- Antivirus programs or other security software can block sockets. Sockets can also be occupied by other services.
- The error shown starts with a "4", thus it is of temporary nature. In such situations, your scripts should simply retry the transfer. Aborting the scrips is only correct in case of errors starting with "5" (permanent error).
When the PASV command is issued is the could not create socket coming from my FTP server or the client?
Lines starting with a response code always come from the server.


Btw. you don't need to obfuscate internal IP addresses (starting with 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). These are not unique in any way and cannot be used for identification.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

User avatar
botg
Site Admin
Posts: 31577
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: 421 Could not create socket

#3 Post by botg » 2018-09-24 18:51

Consider limiting the Passive range to 49152-65535, even if it is internal. The reason is that only the mentioned range is most probably unused (meant for temporary, ephemeral usage). All lower ports might at least be occupied partially by other services. When FileZilla tries to create a passive socket on such an occupied or blocked port, the result is the error 421 as you experienced.
That's no longer necessary since version 0.9.51, since then if no range has been manually been configured, 49152 through 65535 is used.
FileZilla Server allocates ports in a manner that automatically prevents reuse of ports within the mandatory TIME_WAIT interval (see TCP RFCs). In case a port is selected that is already used by a program other than FileZilla Server, it retries up to 15 times to find an alternative before giving up.

User avatar
boco
Contributor
Posts: 24153
Joined: 2006-05-01 03:28
Location: Germany

Re: 421 Could not create socket

#4 Post by boco » 2018-09-24 19:38

In that case, AV interfering.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

emrrfc
500 Command not understood
Posts: 2
Joined: 2018-09-24 15:37
First name: Robert
Last name: Chapie

Re: 421 Could not create socket

#5 Post by emrrfc » 2018-09-25 14:26

Thanks for the replies. We are using Symantec Endpoint Protection. Can I put in an exclusion for ports 49152 through 65535?

User avatar
botg
Site Admin
Posts: 31577
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: 421 Could not create socket

#6 Post by botg » 2018-09-25 19:21

Worth a try.

Post Reply