
425 Can't open data connection for transfer of "/" Error:Failed to retrieve directory listing

Posted: 2020-10-28 12:13
by syahmed
I have an AWS instance which is behind the FortiGate firewall. FTP does not work if the instance is behind the firewall, and below are the errors I get on the client and server of FileZilla.

On the client side:
Response: 227 Entering Passive Mode
Command: MLSD
425 Can't open data connection for transfer of "/"
Error: Failed to retrieve directory listing

On the server side:
(000042)28/10/2020 15:09:52 PM - geidea (172.32.1.10)> 230 Logged on
(000042)28/10/2020 15:09:52 PM - geidea (172.32.1.10)> PWD
(000042)28/10/2020 15:09:52 PM - geidea (172.32.1.10)> 257 "/" is current directory.
(000042)28/10/2020 15:09:52 PM - geidea (172.32.1.10)> TYPE I
(000042)28/10/2020 15:09:52 PM - geidea (172.32.1.10)> 200 Type set to I
(000042)28/10/2020 15:09:52 PM - geidea (172.32.1.10)> PASV
(000042)28/10/2020 15:09:52 PM - geidea (172.32.1.10)> 227 Entering Passive Mode (IP Address)
(000042)28/10/2020 15:09:52 PM - geidea (172.32.1.10)> MLSD
(000042)28/10/2020 15:10:02 PM - geidea (172.32.1.10)> 425 Can't open data connection for transfer of "/"

Re: 425 Can't open data connection for transfer of "/" Error:Failed to retrieve directory listing

Posted: 2020-10-28 14:40
by botg
All diagnostic information has been corrupted. Please post a complete and unmodified log.

Re: 425 Can't open data connection for transfer of "/" Error:Failed to retrieve directory listing

Posted: 2020-11-01 12:31
by syahmed
Logs attached for the error.

Status: Connecting to 18.190.140.8:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (172,32,0,10,198,99)
Command: MLSD
Response: 425 Can't open data connection for transfer of "/"
Error: Failed to retrieve directory listing

Re: 425 Can't open data connection for transfer of "/" Error:Failed to retrieve directory listing

Posted: 2020-11-02 00:19
by boco
The IP shown in the PASV response is incorrect, 172.32.0.10 is a private IP address (former private Class B range). That IP will not work over the Internet.

You must have the server return the public IP in the PASV response, which would be 18.190.140.8. As you say this is an actual web server (with a static IP), just enter that IP into the "Use the following IP" field (FileZilla Server Passive settings).

And, you should really activate and use FTP over TLS.

Re: 425 Can't open data connection for transfer of "/" Error:Failed to retrieve directory listing

Posted: 2020-11-02 03:33
by syahmed
I have done that already and still the same issue.

Re: 425 Can't open data connection for transfer of "/" Error:Failed to retrieve directory listing

Posted: 2020-11-02 03:36
by syahmed
And another strange thing that I have noticed is that when I use port 2121 as a listener on the FTP server and use the same on the FTP client, it works perfectly fine.

Re: 425 Can't open data connection for transfer of "/" Error:Failed to retrieve directory listing

Posted: 2020-11-02 04:00
by boco
In that case, your firewall fucks it up. Unfortunately, that's a common occurrence. Using a different port from the default (firewall watches only default ports) and/or using FTP over TLS (FTPS, firewall cannot read traffic) will work around this.

Read the chapter about malicious firewalls in the Network Configuration.

Re: 425 Can't open data connection for transfer of "/" Error:Failed to retrieve directory listing

Posted: 2020-11-03 11:53
by syahmed
I have configured another similar FortiGate firewall, and a new AWS instance is behind this firewall. FileZilla Server is installed and configured on this AWS instance, and now I am able to successfully connect and establish the connection using port 21, whereas in the previous scenario I was unable to connect using the same scenario and port 21.

FTP Client results from successful connection:
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: Directory listing of "/" successful


FTP Client results from unsuccessful connection:
Status: Connecting to 18.190.140.8:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (172,32,0,10,195,114)
Command: MLSD
Response: 425 Can't open data connection for transfer of "/"
Error: Failed to retrieve directory listing
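
The 227 replies in the failing logs can be decoded and compared with the control-connection address to see where the client is being told to open its data connection. The following is an added example, not part of the original posts; the function names `parse_pasv` and `audit` are hypothetical, and the sample lines are copied from the client logs in this thread.

```python
import ipaddress
import re

# RFC 1918 private ranges; 172.16.0.0/12 ends at 172.31.255.255.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# 227 reply format: (h1,h2,h3,h4,p1,p2), data port = p1 * 256 + p2.
PASV_RE = re.compile(r"227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
CONNECT_RE = re.compile(r"Connecting to (\d+\.\d+\.\d+\.\d+):(\d+)")


def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None if the line is not one."""
    m = PASV_RE.search(line)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("PASV field out of range: " + line)
    return ipaddress.ip_address(f"{h1}.{h2}.{h3}.{h4}"), p1 * 256 + p2


def audit(log_text):
    """Compare each PASV address with the control-connection address."""
    control = None
    findings = []
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            control = ipaddress.ip_address(m.group(1))
        parsed = parse_pasv(line)
        if parsed:
            ip, port = parsed
            findings.append({
                "data_ip": str(ip), "data_port": port,
                "matches_control": ip == control,
                "rfc1918": any(ip in net for net in RFC1918),
            })
    return findings


# Lines copied from the failing client logs posted in this thread.
SAMPLE = """Status: Connecting to 18.190.140.8:21...
Response: 227 Entering Passive Mode (172,32,0,10,198,99)
Response: 227 Entering Passive Mode (172,32,0,10,195,114)"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

For the logged replies this reports data ports 50787 and 50034 on 172.32.0.10, which does not match the control address 18.190.140.8. The `rfc1918` field is `False` because 172.16.0.0/12 ends at 172.31.255.255.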

Re: 425 Can't open data connection for transfer of "/" Error:Failed to retrieve directory listing

Posted: 2020-11-03 12:02
by syahmed
And on the successful connection this is something I have found different: