Page 1 of 2

Cannot connect to ftp server

Posted: 2020-06-16 17:20
by James_liv

Hoping someone can help.

I've got a few files movies on laptop and sometimes I watch them on another laptop whilst I'm away with work.
I've used Filezilla for a couple of years and it's been OK and done the job.

Recently I got some ransomwear on my home laptop (the server one) and so had to format it and start again.
Same laptop, same router but using what I thi k are the same settings I can't get it to connect.

It will 'usually' connect on the WiFi in the house but from outside the network it won't.

I've tried every different possible combination of settings.

I've forwarded my ports on the router and still to no avail.

Sometimes it times out, sometimes it says connection refused and sometimes it connects but I get error 425 and it can't list the directory.

I can set it up and I get connect refused, play around and seemingly go back to the original settings and then it gets a bit further.

After spending 4 days trying to get it to work and watching various YouTube guides and I'm here for help.

Please help as its driving me insane.

My settings currently are:

Port 50000 forwarded to internal port 21
Port 880 forwarded to internal port 880
Port 21 forwarded to internal port 21

I have all three set and I'm trying various settings using these.

In filezilla server I have :-

Listen on port 21

I've tried custom port range 50000 and I've tried not ticking this.

I've currently got it retrieving external ip address from.... But I've tried it as default.

I've currently got it as don't use external ip for local connections but I've tried it without this.

In security I've got it set to disable ip check.

On Windows defender firewall I've got it to allow both filezilla.exe and filezilla interface on both incoming and outgoing.
I've also set it to allow ports 21, 50000 and 880.

I've tried switching off my virus software and it makes no difference.

I've got a VNC client connected to my phone and can access my laptop from outside the network on this so I'm doing something right but not the ftp part.

Any help would be hugely appreciated as I'm really struggling to resolve it and I simply don't have enough knowledge.

Thanks in advance.

Re: Cannot connect to ftp server

Posted: 2020-06-16 17:57
by boco
Please read the Network Configuration Guide.

The only correct forward rule is the 21 -> 21 one.
Port 880? What's that for? If (and only IF) you use Implicit FTP over TLS, you need to forward port 990. Recommended Explicit FTP over TLS uses 21.

50000 -> 21 is even wrong on multiple levels:

1. Passive port range needs to be a range (100 ports or more), single port is not sufficient.
2. Remapping (redirecting to different port numbers) is generally discouraged.
3. Port 21 is already blocked by the 21 -> 21 rule.
Forward 21 -> 21 and 50000-50099 -> 50000-50099,
define Passive range as 50000-50099,
use "I've currently got it retrieving external ip address from...",
do all the firewall stuff. Then it should work.

Re: Cannot connect to ftp server

Posted: 2020-06-16 18:44
by James_liv

I made those changed and still nothing.

It doesn't connect even using the local up now. Just times out.

I've got a TP Link Archer C2300 router.
I'm the NAT forwarding it has virtual server and also port triggering.

I've set both however,
In Virtual Server I can set external port to 50000-50099 but on the internal port I can only set it to 50000.
In Port trigger again I can only set the trigger port to 50000 but can (and have) set the external port to 50000-50099.

Assume that correct?

Do I need to reset my router after each change? Or can I just save the settings?

Re: Cannot connect to ftp server

Posted: 2020-06-16 19:08
by boco
Connecting locally does not involve the router at all. Start by fixing the LAN connection first.

1. Check the firewall rules.
2. Check that the rules are made for the correct LAN profile (public, domain or private network).
3. Important: Always use the local (LAN-)IP to connect in the LAN, the external IP or URL will not work reliably.


Use the Virtual Server for forwarding ports. Port triggering does not work for FTP.
In Virtual Server I can set external port to 50000-50099 but on the internal port I can only set it to 50000.
That's correct, the router will be able to figure out the remaining private ports from the information given (start port + width of public range, and start port of private range).
Do I need to reset my router after each change? Or can I just save the settings?
Usually, a reset is not required (unless the router explicitly asks for it). However, we've encountered some faulty devices over the years*, rebooting the router doesn't do any harm.

*Small note: There are even devices out there where port forwarding does not work and all settings are completely bogus.

Re: Cannot connect to ftp server

Posted: 2020-06-16 21:45
by James_liv

I've done as suggested and the local network now connects and works fine. Thank you.

I've checked all the rules and everything seems fine but outside of the LAN it doesn't connect.

Im using an Ftp program on my android phone with the WiFi turned off. This worked before I had to wipe.
When I do that now I get the following message...

Failed to connect to /**. **. **. ** (port 21) from /:: (port 36713) : connect failed : ECONNREFUSED (connection refused).

And if I change the port to 50000 I get.

Failed to connect to /**. **. **. ** (port 50000) from /:: (port 47911) : connect failed : ETIMEDOUT (connection timed out).

Any ideas?

Re: Cannot connect to ftp server

Posted: 2020-06-17 00:57
by boco
You will always connect to port 21. 50000 is a data port and a direct connection is not possible (it will be opened by the server when necessary).

Would you please test your server with our test site? - use the "Allow fallback to plain FTP" profile. Unfortunately, mobile providers very often block FTP or do strange things to FTP traffic. Maybe it works if you don't use 21 but 50100 as main port?

Re: Cannot connect to ftp server

Posted: 2020-06-17 10:36
by James_liv

OK, I tried that as suggested on

On port 21,
Error: Could not connect to server: Connection refused

And on port 50100,
Warning: Allowing fallback to plaintext FTP is insecure. You should use explicit FTP over TLS.

Warning: Selected port (50100) is not the default port (21) of the selected protocol.

Status: Resolving address of **. **. **. **
Status: Connecting to **. **. *. *
Error: Connection attempt timed out.

I was reading the network configuration guide and trying different things this morning and in the 'help protect your computer with Windows Defender Firewall' it shows as Private Network is active and Public is Not Connected.
Could this be something to do with it?
Ive had a look around and a google and can't seem to get this to change.

Again, thank you for your assistance, it is very much appreciated.


Re: Cannot connect to ftp server

Posted: 2020-06-17 20:15
by boco
If you use the Private Network role, then all your firewall rules must be done for that role. Also, strict mode ("Block all incoming traffic") must be off.

Could it be that you used FTP over TLS on your old server?

Re: Cannot connect to ftp server

Posted: 2020-06-17 23:13
by James_liv
I'm not fussed if it's set to private or public but currently it's set to private. It's also set to 'block all connections that are not an allowed app' and both filezilla.Exe, the interface and ports 21 and 50000 are on the allowed list.

I'd happily use any role or setting to get it working and then slowly turn them back on to see which causes an issue until its secure again but everything seems setup correctly.

I don't think I had FTP over TLS because I always had the error message. In fact I'm almost certain I had it set to active because I used to get the message about configuring passive mode too.

Would configuring FTP over TLS make it work? I'm happy to do that if it will work. Just tell me how.

I don't really know what else to try. I've turned off just about every security setting I can think off.

Tomorrow I will uninstall my virus protection (Kaspersky) and disabled windows firewall completely and see if that makes a difference.

Re: Cannot connect to ftp server

Posted: 2020-06-18 00:53
by boco
These days, using FTP over TLS is always recommended. Using it (even with a self-signed certificate) prevents any third party from reading and tampering with the FTP traffic.

That means, if you are using FTP over TLS, all traffic is encrypted end-to-end. FTP over TLS is for FTP what HTTPS is for web browsing. Not many websites use the old plain HTTP anymore, so, why should you still use the old plain FTP?

Tomorrow I will uninstall my virus protection (Kaspersky) and disabled windows firewall completely and see if that makes a difference.
This A/V software might include a firewall or port blocker, too.

Re: Cannot connect to ftp server

Posted: 2020-06-18 17:35
by James_liv
Ok update,

So I turned off all security features I could fine. I made the network profile public, switch bits on etc, made it private again. Turned off all virus killers.
Still the same, connection refused.

I switched to FTP over TLS and that connected (finally, progress) but it couldn't list the directories.

On the client side it says,

Connecting to **. **. **. **:990...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing of "/"...
Command: CWD /
Response: 250 CWD successful. "/" is current directory.
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (**. **. **.** ,195,94)
Command: MLSD
Response: 425 Can't open data connection for transfer of "/"
Error: Failed to retrieve directory listing

I'm googling this but can't really find anything other than others have had similar problems

Any ideas?

Re: Cannot connect to ftp server

Posted: 2020-06-18 19:13
by boco
195,94 is port 50014. As that is well within your range, it looks like the data range forwarding didn't work correctly.

Re-check the rules in the router:
1. Did you remove the old triggering rules?
2. Did you actually forward a range of ports? The router should say so. Note that some cheap devices only allow forwarding single ports one-by-one.
3. Is the forwarding for TCP? FTP doesn't use UDP.

Re: Cannot connect to ftp server

Posted: 2020-06-18 22:58
by James_liv

So I've had some more success with this.

If I forward port 990 to internal port 21 I get this result.

If I have TLS mode on, use the custom port range But have IPv4 specific set to 'Default' and NOT 'Retrieve external IP from...' then it works on my andoid ftp apps even with the WiFi turned off.

On my work laptop, where I actually need it to work, it connects using Google chrome even when it's running through a 4G dongle and not my WiFi.

However, if I try to use filezilla it says either 'server sent passive reply with unrouteable address' or 'failed to retrieve director listing'.

It does work on filezilla if I change the encryption to 'only use plain FTP (insecure)'.

Id obviously prefer it not to be insecure if I can help it.

If I forward port 990 to 990 then it connects and only gets to the welcome message before I get 'login time exceeded' and times out. It never actually logs in.
As soon as i change the port forwarding back to 990 >21 the above happens and in Google I can access the server again.

Does that give you any idea what is wrong with it?

Re: Cannot connect to ftp server

Posted: 2020-06-19 12:34
by botg
Don't map 990 to 21, they are intended for different protocols.

Forward 990 to 990 and 21 to 21.

If it only works if you use plain insecure FTP, then there's a malicious firewall or NAT router inspecting and modifying traffic.

Have you tried plugging the server directly into your internet modem, thus bypassing your NAT router?

Re: Cannot connect to ftp server

Posted: 2020-06-19 13:50
by James_liv

If I map 990 to 990 and 21 to 21 then no matter what settings it seems to timeout after receiving the ftp welcome message.

My router is the same router as per my previous setup and nothing has changed. it worked before and so I'm reasonably confident that it's not a router issue.

I've disabled both antivirus and also firewall and still get the same issue.