425 Can't open data connection

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
Murmure_777
500 Command not understood
Posts: 4
Joined: 2018-11-02 17:25
First name: Murmure
Last name: Lalwende

425 Can't open data connection

#1 Post by Murmure_777 » 2018-11-02 17:39

Bonjour,
Hello,

Je viens vers vous car j'ai un problème. J'ai monté un serveur Filezilla et en réseau local tout marche parfaitement. Mais lorsqu'un ami souhaite s'y connecter depuis Internet, il obtient: 425 can't open data connection.
I'm here because I have a problem. I set up a Filezilla server and it works perfectly in local network. But when a friend tries to connect from Internet, he gets: 425: can't open data connection.

J'ai bien ouvert les ports suivant: 20, 21, 990 et 50000:51000 sur mon routeur et sur le pare-feu de mon serveur. J'ai cherché dans d'autres topics ici et sur le net pour trouver des solutions, j'ai regardé tous les tutos possibles et imaginables...
I opened the following ports: 20, 21, 990 and 50000:51000 in my router and in the server's firewall. I looked for solutions in other topics here and on the internet, I looked all the tutorials imaginable...

Pouvez-vous m'aider s'il vous plaît ? Pensez-vous que ce soit du sabotage de la part de mon routeur ?
Can you help me please ? Do you think it is sabotage from my router ?

Merci d'avance pour vos réponses. :)
Thank you in advance for your answers. :)

User avatar
botg
Site Admin
Posts: 31577
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: 425 Can't open data connection

#2 Post by botg » 2018-11-02 18:27

Please post a complete log of this happening.

Murmure_777
500 Command not understood
Posts: 4
Joined: 2018-11-02 17:25
First name: Murmure
Last name: Lalwende

Re: 425 Can't open data connection

#3 Post by Murmure_777 » 2018-11-02 18:47

Ok:

Code: Select all

(000017) 02/11/2018 19:42:10 - (not logged in) (xx.x.xxx.x)> Connected, sending welcome message...
(000017) 02/11/2018 19:42:10 - (not logged in) (xx.x.xxx.x)> 220 Bienvenue sur le serveur FTP Windows Server à xxxxx !
(000017) 02/11/2018 19:42:11 - (not logged in) (xx.x.xxx.x)> AUTH TLS
(000017) 02/11/2018 19:42:11 - (not logged in) (xx.x.xxx.x)> 234 Using authentication type TLS
(000017) 02/11/2018 19:42:12 - (not logged in) (xx.x.xxx.x)> SSL connection established
(000017) 02/11/2018 19:42:12 - (not logged in) (xx.x.xxx.x)> USER David
(000017) 02/11/2018 19:42:12 - (not logged in) (xx.x.xxx.x)> 331 Password required for david
(000017) 02/11/2018 19:42:12 - (not logged in) (xx.x.xxx.x)> PASS ***********
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 230 Logged on
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> PBSZ 0
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 200 PBSZ=0
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> PROT P
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 200 Protection level set to P
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> PWD
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 257 "/" is current directory.
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> TYPE I
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 200 Type set to I
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> PASV
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 421 Can't create socket
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> PORT 192,168,1,10,194,162
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 200 Port command successful
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> MLSD
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 150 Opening data channel for directory list.
(000017) 02/11/2018 19:42:23 - david (xx.x.xxx.x)> 425 Can't open data connection.

User avatar
boco
Contributor
Posts: 24153
Joined: 2006-05-01 03:28
Location: Germany

Re: 425 Can't open data connection

#4 Post by boco » 2018-11-02 20:14

(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> PASV
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 421 Can't create socket
There is a bad program on your PC that prevents the server from working properly. Please resolve. Prime suspects are Antivirus programs, Firewalls and other, so called, "security" software.

The client falls back to Active mode. Active mode won't work without proper client configuration, as the client is behind a NAT router.

Network Configuration
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Murmure_777
500 Command not understood
Posts: 4
Joined: 2018-11-02 17:25
First name: Murmure
Last name: Lalwende

Re: 425 Can't open data connection

#5 Post by Murmure_777 » 2018-11-02 21:07

Merci pour ta réponse.
Thank you for you reply.

Alors, j'ai désactivé le pare-feu (je n'ai pas d'antivirus) et j'ai demandé à mon ami de se connecter en mode actif. Voilà le log:
So, I desactivated firewall (I don't have antivirus) and I asked my friend to tried to connect in active mode. Here is the log:

Code: Select all

(000019) 02/11/2018 21:44:14 - (not logged in) (xx.x.xxx.x)> Connected, sending welcome message...
(000019) 02/11/2018 21:44:14 - (not logged in) (xx.x.xxx.x)> 220 Bienvenue sur le serveur FTP Windows Server à xxxxxx !
(000019) 02/11/2018 21:44:14 - (not logged in) (xx.x.xxx.x)> AUTH TLS
(000019) 02/11/2018 21:44:15 - (not logged in) (xx.x.xxx.x)> 234 Using authentication type TLS
(000019) 02/11/2018 21:44:15 - (not logged in) (xx.x.xxx.x)> SSL connection established
(000019) 02/11/2018 21:44:15 - (not logged in) (xx.x.xxx.x)> USER David
(000019) 02/11/2018 21:44:15 - (not logged in) (xx.x.xxx.x)> 331 Password required for david
(000019) 02/11/2018 21:44:15 - (not logged in) (xx.x.xxx.x)> PASS ***********
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> 230 Logged on
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> SYST
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> 215 UNIX emulated by FileZilla
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> FEAT
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> 211-Features:
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)>  MDTM
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)>  REST STREAM
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)>  SIZE
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)>  MLST type*;size*;modify*;
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)>  MLSD
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)>  AUTH SSL
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)>  AUTH TLS
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)>  UTF8
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)>  CLNT
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)>  MFMT
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> 211 End
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> PBSZ 0
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> 200 PBSZ=0
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> PROT P
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> 200 Protection level set to P
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> PWD
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> 257 "/" is current directory.
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> TYPE I
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> 200 Type set to I
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> PORT 192,168,1,10,198,67
(000019) 02/11/2018 21:44:15 - david (xx.x.xxx.x)> 200 Port command successful
(000019) 02/11/2018 21:44:16 - david (xx.x.xxx.x)> MLSD
(000019) 02/11/2018 21:44:16 - david (xx.x.xxx.x)> 150 Opening data channel for directory list.
(000019) 02/11/2018 21:44:26 - david (xx.x.xxx.x)> 425 Can't open data connection.
J'ai lu le lien "Network Configuration", penses-tu que mon routeur NAT fasse du sabotage ?
I read "Network Configuration", do you think my NAT routeur is doing sabotage ?
Some routers and firewalls pretend to be smart. They analyze connections and, if they think they detect FTP, they silently change the data exchanged between client and server. If the user has not explicitly enabled this feature, this behavior is essentially data sabotage and can cause various problems.
Après, tu me dis:
After, you tell me:
The client falls back to Active mode. Active mode won't work without proper client configuration, as the client is behind a NAT router.
Du coup, quelle configuration doit avoir le client ? Doit-il ouvrir des ports sur son routeur NAT ?
Which configuration has to have the client ? Does he have to open ports on his NAT router ?

Et comment faire pour rester en mode passif ?
And how to stay in passive mode ?

User avatar
boco
Contributor
Posts: 24153
Joined: 2006-05-01 03:28
Location: Germany

Re: 425 Can't open data connection

#6 Post by boco » 2018-11-03 00:22

According to the log, the client seems to have switched to Active mode permanently. It doesn't attempt to send PASV, but sends PORT right away. Please tell the client to use Passive mode again. Maybe it starts to work.
I read "Network Configuration", do you think my NAT routeur is doing sabotage ?
Not in this case. The "Can't create socket" problem is directly on your computer. A router cannot cause that problem, rather a security software blocking local ports.
Which configuration has to have the client ? Does he have to open ports on his NAT router ?
Not all routers sabotage FTP. If he wants to get Active mode to work (rather than trying Passive), then yes, he needs to forward the data ports on his router and tell his FTP client to use them.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

Murmure_777
500 Command not understood
Posts: 4
Joined: 2018-11-02 17:25
First name: Murmure
Last name: Lalwende

Re: 425 Can't open data connection

#7 Post by Murmure_777 » 2018-11-14 14:41

Bonjour,
Hello,

J'ai dit au client d'utiliser le mode passif à nouveau, et nous obtenons le même log que au départ:
I told the client to use passive mode again, and we have the same log:

Code: Select all

(000017) 02/11/2018 19:42:10 - (not logged in) (xx.x.xxx.x)> Connected, sending welcome message...
(000017) 02/11/2018 19:42:10 - (not logged in) (xx.x.xxx.x)> 220 Bienvenue sur le serveur FTP Windows Server à xxxxx !
(000017) 02/11/2018 19:42:11 - (not logged in) (xx.x.xxx.x)> AUTH TLS
(000017) 02/11/2018 19:42:11 - (not logged in) (xx.x.xxx.x)> 234 Using authentication type TLS
(000017) 02/11/2018 19:42:12 - (not logged in) (xx.x.xxx.x)> SSL connection established
(000017) 02/11/2018 19:42:12 - (not logged in) (xx.x.xxx.x)> USER David
(000017) 02/11/2018 19:42:12 - (not logged in) (xx.x.xxx.x)> 331 Password required for david
(000017) 02/11/2018 19:42:12 - (not logged in) (xx.x.xxx.x)> PASS ***********
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 230 Logged on
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> PBSZ 0
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 200 PBSZ=0
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> PROT P
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 200 Protection level set to P
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> PWD
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 257 "/" is current directory.
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> TYPE I
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 200 Type set to I
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> PASV
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 421 Can't create socket
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> PORT 192,168,1,10,194,162
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 200 Port command successful
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> MLSD
(000017) 02/11/2018 19:42:12 - david (xx.x.xxx.x)> 150 Opening data channel for directory list.
(000017) 02/11/2018 19:42:23 - david (xx.x.xxx.x)> 425 Can't open data connection.
Not in this case. The "Can't create socket" problem is directly on your computer. A router cannot cause that problem, rather a security software blocking local ports.
D'accord, mais alors pourquoi quand je me connecte au serveur depuis un poste dans le même réseau que le serveur tout fonctionne correctement ?
Okey, but why when I connect to the server from a computer in the same network everything works correctly ?

Post Reply