425 Can't open data connection

[rhapsody]

I can successfully connect using:

1. Windows FTP from command prompt
2. Adobe Dreamweaver CS4
3. Adobe Contribute CS4

Using Filezilla 3.3.2.1 however, it just sits at "425 Can't open data connection".

I have tried this from two seperate networks (using 2 different routers) -- no change.

Please help.

Thanks!

[brightspectrum]

On Windows you also get this message with if the FileZilla Server exe (in your Program Files/FileZilla folder) is not added as an exception in the Windows Firewall.

[WessieNC]

On Windows you also get this message with if the FileZilla Server exe (in your Program Files/FileZilla folder) is not added as an exception in the Windows Firewall.

I have added FileZilla as a program in my Windows Firewall and problem was sorted.Also be sure to add ftp port 21 in your Windows firewall.

[s1m0nc]

Old post, but for those who find this and are still having issues. Make sure that Windows Firewall is disabled on server and client. Sounds obvious, but I had a server merrily allowing one machine to connect and get a directory listing, and another connecting abd being denied a dir listing. Disabling the server's firewall allowed the other to connect. Utterly ridiculous, but then that's windows firewall for you.

If win firewall is your bag, feel free to disable it to test, then re-enable and deal with the rules...

[airmikec]

FileZilla is an incredibly simple program to use. I don't work much with Linux, but usually from one operating system to another it's the same principal, such as setting up a DNS server, Email Server, DHCP, ect. So I am going to assume that this error applies to all operating systems.

Currently I am running Windows Data Center Server 2008 R2. In Server 2008 Microsoft got smart and separated the "Okay" and "Great" IT administrators. This means if you are an Okay IT administrator that means Windows 2008 won't make sense to you and you struggle to get things to work. What this means is prior to Server 2008 operating systems had all their ports open. Here is the gist to solving most problems with Windows 2008 server including FileZilla server. FileZilla uses port 21 for non-secure file transfer. So you must have port 21 open for incoming and outbound connections, because Server 2008 is locked down you need to add a new port rule for inbound and outbound connections. Not only that, C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe is looking for information coming on port 21, therefore you must add a program exception for inbound and outbound connections, selecting the program listed above and the port that it will read. After this has been done you should get all information coming to FileZilla.

Now I read other replies about routers doing weird things and people are recommending others to by a new router. B.S. That is not how routers work. They never have and never will, it defeats the purpose to do so. What I will tell you is that some routers won't allow you to pass information through on specific ports. So therefore you would need to use some sort of Port Forwarding mechanism that is in the router software. This will allow you to forward an outside port to a PC inside your network on the same or different TCP port. Sometimes though as previously mentioned some ISPs don't like people hosting email or FTP sites, by changing the port of your FTP you can get around this. However, changing the port for mail transfer will not work because the email is being blocked by the ISP. To get around that you may be able to find a company online that does port forwarding for you, one potential possibility would be to use use DDNS. I am not sure if DDNS will work or not, but I use DDNS because I have a dynamic IP address and DDNS fixes the fact that my IP address changes. On that note, later days people and I hope if you are reading this your problem gets fixed.

[boco]

Now I read other replies about routers doing weird things and people are recommending others to by a new router. B.S.

Not entirely true. Some routers have bugs and the mechanisms don't work correctly.

[milario]

Hello Boco,
just found this old page, but I wish it will be useful.
So, my FTP login in Filezilla fails this way: 425 All reserved TCP ports are busy.
Can you help me?

[boco]

This thread is about FileZilla Server. Please create your own in the client section.

[jkristiansen]

Not sure if this was answered or not yet. I have seen this issue alot with routers and a simple fix can be adding the ftp computer to the DMZ list in the router.

[boco]

Note that DMZ overrides all other NAT forwarding rules. Nothing beats proper port forwards.

I hope NAT will disappear once IPv6 becomes common.

[Leck1]

I have to compliment boco on communicating with users better from the brief time i've read some of this forum to help me set up my fz server again, bc i lost my own instructions i wrote to myself the first time due to stupid spinning harddrive failures (whoever invented moving parts inside hard disk storage should be drug out into the street and shot)

i did get mine working like before and as i recall filezilla may automatically or manually try ports above and below 21 so you want to open up 20-23 like suggested, bc most of the time opening a few extra ports doesn't hurt. that being said, i do want to correct boco on one of the things on the wiki page. first i want to write that was a good idea to direct users to a wiki page for fz server setup. it's good how boco can update the page quickly as needed too. the passive mode section in the wiki page noted here isn't totally correct. this will get the job done, but you don't need to open up all ports, just all source ports. destination ports are specified as 20-23 and if you are using passive mode, then destination ports are whatever random port range you choose. i am cutting and pasting what is on the wiki because chances are it will be changed quickly. as a disclaimer, i don't know if "outgoing" means "source" or not. either way it should be noted only source needs to be all/any as to keep the firewall in tact.

"
Passive mode

In passive mode, the client has no control over what port the server chooses for the data connection. Therefore, in order to use passive mode, you'll have to allow outgoing connections to all ports in your firewall.
"

i would suggest a troubleshooting area for server setup like microsoft does with their operating system windows troubleshooter. the only thing about microsoft troubleshooter, is that you have to go through the entire troubleshooter if you select the wrong thing. this type of thing would mostly eliminate the reading people have to do to find the answer to their problem. chances are people don't know that passive mode, opening ports 20-23, and putting a password on their login will fix over 90% of the problems with not connecting to the server. also you have to use internet explorer or firefox. the other web browsers automatically add http which doesn't allow you to use ftp over browser. thankfully the newer internet explorer versions have passive ftp selected BY DEFAULT. now if we can just get filezilla to have everything working by default, the non professional file sharing world would have much less user forum troubleshooting posts.

so here is the example of a reference guide for not being able to connect to a server.

-----

server not running:
-uninstall and reinstall with different settings
-try 32 bit
-try an older/newer version of fz
-temporarily disable computer antivirus and firewalls (preferrably disconnecting from the internet beforehand)

server running but not able to connect:
-disable all firewalls in operating system. make sure your antivirus software doesn't have any firewall type services.
-try a different computer
-add a password and username to your group/user

server running and able to connect 127.0.0.1 (localhost) from the same computer but not any other computers:
-try connecting from another computer behind your router using a local ip address like 192.168.1.2 in firefox/ie with ftp://192.168.1.2 as the url
-check the ports with a port checker website to see if they are open
-add passive mode
-use filezilla client and firefox/ie to test connections
-add a password and username to your group/user

server running and able to connect locally, from computers behind router, but not remotely (using an external ip):
-enable passive mode and open ports 20-23 destination plus all source. choose passive port range with all source and a range of destination ports in the high end above port 10,000
-check the ports with a port checker website to see if they are open
-try opening all ports to your computer in your router settings. you don't want to leave it that way for over 1 hour though. you can connect that computer directly to the internet without a router as an alternative way to "open all ports"

-----

i hope this helps. i might have some things wrong, but this isn't my job, so the people who update the wiki can check to make sure what i wrote is correct obviously.

[[ERR]_1D-I/O-T]

I realize this is hella-old, but I'm having this problem - and can't figure it out. I'm fully aware that there is a 115% chance it's 'user-error' here, so I apologize for any amount of dumb the following might contain.

We're using FileZilla Server to replicate our clients' backups to our servers. Up until today, we've just been using regular FTP, but the powers-that-be have mandated that our data transfers must be SSL to be compliant with this/that/the other.

So.

First thing was to setup the user/password/home folder for the client to authenticate and dump the files in the right location. Simple enough, but here's what we got (to be thorough, you know):

Code: Select all

User:           user
Password:       password
Home Folder:    D:\BACKUP
Permissions:    Read Files      Create Directories      Include Sub-Directories
	             Write Files     Delete Directories	
                Delete Files    List Directories
                Append Files

Next, was to verify Passive Mode Settings:

Code: Select all

Port Range:     50000 - 51000
External IP:    xxx.xxx.xxx.xxx

On to SSL/TLS Settings:

Code: Select all

SSL:            Enabled
Certificate:    2048-bit, Self-Signed
Listening On:   989, 990

And, to make this baby purr, SonicWALL Access Rule:

Code: Select all

Allow/Deny      From            To                      Service/Port
Allow           Any             xxx.xxx.xxx.xxx         (TCP) 21, 989-990, 4363-4365, 54363

Windows Firewall is set to 'Allow' incoming and outgoing on both the destination and source servers. Client can connect, authenticate, and navigate to the subdirectory where the files to be transferred are to end up. However, that is all it can do. After that, I get a "425 Can't open data connection" error.

Again, I'm probably missing something glaringly obvious, I'm not ashamed to admit that. But I've read the Network Configuration Guide posted in here, and through this thread, and I'm just...not having any luck. Can anyone see where I might've botched this whole thing?

Thanks in advance

[botg]

Code: Select all

Port Range:     50000 - 51000
External IP:    xxx.xxx.xxx.xxx

Code: Select all

Allow/Deny      From            To                      Service/Port
Allow           Any             xxx.xxx.xxx.xxx         (TCP) 21, 989-990, 4363-4365, 54363

So where is the port range in your firewall rules?


Regarding port 989, you neither need to listen on it nor open it up.

[[ERR]_1D-I/O-T]

Code: Select all

Port Range:     50000 - 51000
External IP:    xxx.xxx.xxx.xxx

Code: Select all

Allow/Deny      From            To                      Service/Port
Allow           Any             xxx.xxx.xxx.xxx         (TCP) 21, 989-990, 4363-4365, 50000-51000, 54363

So where is the port range in your firewall rules?


Regarding port 989, you neither need to listen on it nor open it up.

Whoops. Edited to include those ports. As for 989, that's what I thought...I'll go ahead and remove it from the range.

[botg]

What does https://ftptest.net/ say if you try to connect to your server?