425 Can't open data connection

[beinars]

Hi!

I'm newbe and trying to set up FTP server. Everything is ok, so far, but when my friend trys to send me a file through program I wrote myself, I get this boring 425 error!

Can anyone explain to me what this command does: "200 MODE set to S"

Thanks..

(000029) 9.12.2007 18:34:33 - (not logged in) (194.144.12.185)> Connected, sending welcome message...
(000029) 9.12.2007 18:34:33 - (not logged in) (194.144.12.185)> 220-Garra ftp server
(000029) 9.12.2007 18:34:33 - (not logged in) (194.144.12.185)> 220-
(000029) 9.12.2007 18:34:33 - (not logged in) (194.144.12.185)> 220 Afritun ofl.
(000029) 9.12.2007 18:34:33 - (not logged in) (194.144.12.185)> USER finnur
(000029) 9.12.2007 18:34:33 - (not logged in) (194.144.12.185)> 331 Password required for finnur
(000029) 9.12.2007 18:34:33 - (not logged in) (194.144.12.185)> PASS ****
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> 230 Logged on
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> TYPE I
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> 200 Type set to I
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> STRU F
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> 200 Using file structure 'File'
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> MODE S
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> 200 MODE set to S.
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> REST 0
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> 350 Rest supported. Restarting at 0
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> REST 1
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> 350 Rest supported. Restarting at 1
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> REST 0
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> 350 Rest supported. Restarting at 0
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> EPRT |1|192.168.1.33|4418|
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> 200 Port command successful
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> TYPE I
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> 200 Type set to I
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> ALLO 231510
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> 202 No storage allocation neccessary.
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> REST 0
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> 350 Rest supported. Restarting at 0
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> STOR Finnur/BANKIFB.ZIP
(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> 150 Opening data channel for file transfer.
(000029) 9.12.2007 18:34:43 - finnur (194.144.12.185)> 425 Can't open data connection.

[botg]

(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> EPRT |1|192.168.1.33|4418|

Please read the Network Configuration guide and configure the client properly.

[beinars]

(000029) 9.12.2007 18:34:33 - finnur (194.144.12.185)> EPRT |1|192.168.1.33|4418|

Please read the Network Configuration guide and configure the client properly.

Hmmmm...

I have read this..

My friend can copy all the files he wants to in IExplorer (ftp://[ip address]).

Here is the logg:

(000051) 9.12.2007 19:55:03 - finnur (194.144.12.185)> 250 CWD successful. "/" is current directory.
(000051) 9.12.2007 19:55:03 - finnur (194.144.12.185)> TYPE I
(000051) 9.12.2007 19:55:03 - finnur (194.144.12.185)> 200 Type set to I
(000051) 9.12.2007 19:55:03 - finnur (194.144.12.185)> PASV
(000051) 9.12.2007 19:55:03 - finnur (194.144.12.185)> 227 Entering Passive Mode (192,168,1,3,10,43)
(000051) 9.12.2007 19:55:03 - finnur (194.144.12.185)> STOR BANKIFB.zip
(000051) 9.12.2007 19:55:03 - finnur (194.144.12.185)> 150 Connection accepted
(000051) 9.12.2007 19:55:05 - finnur (194.144.12.185)> 226 Transfer OK

This error occured only if we use our own program which does bakcup and then ftp --> [ip address]

This same backup program works ok with other ftp-servers.. so what can be the problem?

p.s. I have change my program to use the PASV command and then the log look like this:

(000041) 9.12.2007 19:51:28 - (not logged in) (194.144.12.185)> 220-Garra ftp server
(000041) 9.12.2007 19:51:28 - (not logged in) (194.144.12.185)> 220-
(000041) 9.12.2007 19:51:28 - (not logged in) (194.144.12.185)> 220 Afritun ofl.
(000041) 9.12.2007 19:51:28 - (not logged in) (194.144.12.185)> USER finnur
(000041) 9.12.2007 19:51:28 - (not logged in) (194.144.12.185)> 331 Password required for finnur
(000041) 9.12.2007 19:51:28 - (not logged in) (194.144.12.185)> PASS ****
(000041) 9.12.2007 19:51:28 - finnur (194.144.12.185)> 230 Logged on
(000041) 9.12.2007 19:51:28 - finnur (194.144.12.185)> TYPE I
(000041) 9.12.2007 19:51:28 - finnur (194.144.12.185)> 200 Type set to I
(000041) 9.12.2007 19:51:28 - finnur (194.144.12.185)> STRU F
(000041) 9.12.2007 19:51:28 - finnur (194.144.12.185)> 200 Using file structure 'File'
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> MODE S
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> 200 MODE set to S.
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> REST 0
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> 350 Rest supported. Restarting at 0
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> REST 1
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> 350 Rest supported. Restarting at 1
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> REST 0
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> 350 Rest supported. Restarting at 0
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> EPRT |1|192.168.1.33|4627|
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> 200 Port command successful
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> TYPE I
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> 200 Type set to I
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> PASV
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> 227 Entering Passive Mode (192,168,1,3,10,6)
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> ALLO 231510
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> 202 No storage allocation neccessary.
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> REST 0
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> 350 Rest supported. Restarting at 0
(000041) 9.12.2007 19:51:29 - finnur (194.144.12.185)> STOR Finnur/BANKIFB.ZIP
(000041) 9.12.2007 19:51:39 - finnur (194.144.12.185)> 425 Can't open data connection.
(000041) 9.12.2007 19:51:39 - finnur (194.144.12.185)> QUIT
(000041) 9.12.2007 19:51:39 - finnur (194.144.12.185)> 221 Goodbye

[botg]

Your friend has a malicious router or firewall. Read Network Configuration for proper instructions. If that doesn't work, throw away router or firewall.

[beinars]

Your friend has a malicious router or firewall. Read Network Configuration for proper instructions. If that doesn't work, throw away router or firewall.

Yeah... I have told him his comp is a junk.. a lot of times!

But he have a valid argument.

He can use this program to backup and send to other ftp-servers, more than one!

He can send me files to FileZilla fpt server, with Explorer and IExplorer, no problemo!

It is only when he try to use this backup program to takes backup and then sends the file with "internal ftp commands" to my FileZilla ftp server, when something goes wrong.

As you can see here above, after the command 'STOR Finnur/BANKIFB.ZIP' I get this error, 425!

Thanks..

[botg]

It's so simple. He has a broken router or firewall that inspects the traffic, guesses the protocol and tries to open the necessary ports.

This malicious behavior is wrong for the following reasons:
- No guarantee that it's really the guessed protocol. Which protocol it is is suject to the user's choice
- Doesn't work if there's even the slightest difference in the protocol implementation
- Proper network configuration is a complex task. Doing it automatically leaves the user clueless. And clueless users are even more dangerous than a user with bad intent.

Conclusion: Any firewalls and routers trying to be "smart" are a total piece of junk, broken by design.

[beinars]

It's so simple. He has a broken router or firewall that inspects the traffic, guesses the protocol and tries to open the necessary ports.

This malicious behavior is wrong for the following reasons:
- No guarantee that it's really the guessed protocol. Which protocol it is is suject to the user's choice
- Doesn't work if there's even the slightest difference in the protocol implementation
- Proper network configuration is a complex task. Doing it automatically leaves the user clueless. And clueless users are even more dangerous than a user with bad intent.

Conclusion: Any firewalls and routers trying to be "smart" are a total piece of junk, broken by design.

Ok.. I will let another friend try different settings, different comp, different location to morrow!

[beinars]

Aaaaarrrrggg...

Ok.. now I have tried this with two other friends, and with exactly the same result!

425 Data Connection error!

Update:
Now I have reversed things. One of my friends did set up FileZilla Server and I was client..

Same result!

[bhame]

I understand your frustration but botg is correct in that it is either a firewall/router issue or a configuration issue.

I just installed 0.9.24 and had the same exact issue. I thought I new how to configure FileZilla Server correctly, since I've been using it for years, and thought I had my port forwards set up correctly in my firewall. I was wrong.

I am now using Active Mode, where I was using Passive in previous builds, and forward ports 20 & 21 and that's it. No more problems from FileZilla Client 3.0.4.1.

[atariman5000]

I understand that this topic hasn't been posted to in some time now, but I turned it up on Google searching for answers why I am getting the 425 error. In searching for an answer on Google, I was finally able to figure it out the fix. Under settings/firewall limit your port range from port 50000 to 50100. This fixed the issue for me. I hope that someone else out there may find this to help them with there 425 error as well.

[boco]

It's all about users not understanding the concept of FTP completely.

You need to have (Passive FTP)
-a well behaving (non-interfering) router/firewall (if at all)
-correctly limited Passive port range and set external IP in server's Passive settings
-correct port-forwarding of the server's listening port AND the Passive port range

If any of the three points fails = No go.

[stitches]

This sounds like the same problem I am experiencing. And I think the cause is the router/NAT device not handling passive mode commands correctly. A workaround involves using active mode on the client side, telling the client what ports to use, and then configuring the firewall on the client side to forward a specific port range to the client. I tested this and it works. But this workaround is not for everyone, as it requires you to configure each client and client side firewall, which may not be possilbe. So changing to an FPT-aware router that knows how to handle those passive mode commands may be the only answer for those who need many clients to accesss their FZ server.

For more info on this problem, refer to the "FTP and NAT Devices" section of this Wikipedia page on FTP ( http://en.wikipedia.org/wiki/File_Transfer_Protocol ), and "The Firewall Problem" section of this FTPS page may also be helpful ( http://en.wikipedia.org/wiki/FTPS ). Or you can probably find more info by googling "passive mode problem".

I'm not sure if this helps with the problem discussed in this thread, so I will post a new thread for this subject. The Filezilla Configuration Guide doesn't touch on this issue, but it should. I am using a very common router, Linksys WRT54G, so I'm sure there are many people having this same issue with this router or others.

[botg]

I wrote parts of these sections in the Wikipedia articles about FTP

[stitches]

Site Admin, thanks for the info on those wikipedia pages. They have been helpful. I'm sort of a newbie at FTP, especially using encryption, but am learning fast thanks to info like this. It may be helpful to add this issue to the Network Config page of the Filezilla project site, but I would rather someone with more experience with this issue to do it. They may be able to explain it better. So if you have this experience, please add it to the site. I'm still trying to find out if replacing my router is the only solution for me to use passive mode with encryption with FZ server. And I guess I'd like to know if other FTP programs offer a way around this problem. Can you advise?

I started a new post for this as it may be off topic from this thread.

[botg]

It may be helpful to add this issue to the Network Config page of the Filezilla project site

Already done: http://wiki.filezilla-project.org/Netwo ... a_sabotage