550: Unable to open Directory list

[Emersand12]

I keep getting this error on my server when I try connecting from a client. The connection is good and I have already tried using plain FTP connection and I've tried switching to active mode. Neither work. This is v1.1. The firewall has been setup to allow the ports thru. I'm not sure why I keep getting this error. Any ideas?

[oibaf]

Which server? FileZilla? Which version of it? Which client? Can you post the log both of the client and the server? If it's the FileZilla server, how have you configured it?

[Emersand12]

Which server? Filezilla Server FileZilla? Yes Which version of it? v1.1.0 Which client? Filezilla Client v3.56.2 Can you post the log both of the client and the server? I don't have a log file of it but I'll try to get one later. If it's the FileZilla server, how have you configured it? Pretty much default settings except using a range of 10 ports i chose that i forwarded thru my router

[vider]

I am also having trouble getting directory list.

Windows 10 Pro
Filezilla Server - 1.1.0 (latest at time of post)
FilezillaPro client - 3.56.2 (latest at time of post)
Norton - without automatic program control - I decide what is allowed or blocked.
Asus RT-AX86U router - I'm using port 15922 and have that forwarded to correct PC (reserved IP)

I can connect to the server fine locally or remotely (DDNS) but as soon as it tries to list the contents of the directory, it fails.

I have tried so many things:
pasv/active
Port range forwarding (custom range) (router & server)
port triggering (router)
Virtual Path (using / & \) Native Path (/ & \)

I can't get it to work. It is frustrating because setting up an FTP has never been an issue for me.
I'm starting to think that I have to address the issue at the router, but I'm not sure what else to try.

Code: Select all

Status:	Connecting to XXX.XXX.XXX.XXX:15922...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is current directory.
Command:	TYPE I
Response:	200 Type set to I
Command:	PORT 184,71,65,102,191,104
Response:	200 PORT command successful.
Command:	MLSD
Response:	150 Starting data transfer.
Response:	425 Unable to build data connection: ECONNREFUSED - Connection refused by server
Error:	Failed to retrieve directory listing

Any help would be appreciated.
Thanks.

[botg]

Please have a look at our Network Configuration guide.

[vider]

The fix for me was on the router.

Port triggering, not just port forwarding worked for me.

I forwarded my FTP port (15922) and setup port trigger on the same port number.
Now it's working as expected.

Thanks for your help.

[botg]

Port triggering, such a prime example of security by obscurity.

Follow this threat-model: Always assume the attacker knows every thing about you already, except passwords and private keys.

[mikeshick]

I'm getting the 425 Can't open data connection for transfer of "/" error.

I cannot figure out how to setup my nighthawk RAX50 to work properly.

I can enter the server by entering local ip address, but I cannot through external port.

Vider says port trigger worked, but I don't know how to set this up.

Any ideas?

[vider]

Correction:

I assumed too much.
It works locally now, but I'm still having the issue from the WAN side.

As a test, I turned on DMZ for my FTP PC in router, disabled Norton firewall (briefly to test) and still couldn't open a data connection.
Connects to the server, but can't open directory list.

With port triggering, it now works over LAN, but not remote. I'm getting frustrated.

Can this be a bug?

One way to find out.
Time to try and setup a different FTP server.
Any recommendations? (no time for humor please)

[boco]

With port triggering, it now works over LAN, but not remote. I'm getting frustrated.

Apart from the fact that port triggering does usually not work well for FTP, connecting and transferring files in LAN does not involve the router at all. In other words, port forwarding in the router is done for external access only. What's important is opening the ports in the firewall(s).

General configuration:

For Passive mode, the listening port and data port range (recommended 100 ports or more) need to be opened in the server machine's firewall. Ports must be statically forwarded in the server network's router. FileZilla Server must know its external IP address(es).

However. the log you posted shows Active mode being used (PORT). For Active mode, the listening port still needs to be forwarded and opened on the server side. But, contrary to the recommended Passive mode, the data ports need to be defined, opened and forwarded on the client side. And it needs to be done by every client connecting. Active mode is very firewall unfriendly.


Hard solution: Configure FileZilla Client and the client network for forwarding and opening the data ports correctly.

Probably much easier solution: Simply reconfigure FileZilla Client so it uses Passive mode. Your server-side configuration of data ports only applies to Passive mode (PASV or EPSV).

[vider]

With firewall disabled at both ends.
Yes, my DNS resolves my external IP correctly in both examples.

client set to PASV in FilezillaPro settings and connection settings:

Code: Select all

Status:	Resolving address of <MY-DNS>.ddns.net
Status:	Connecting to <External IP>:15922...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Logged in
Status:	Retrieving directory listing...
Status:	Server sent passive reply with unroutable address. Passive mode failed.
Error:	Failed to retrieve directory listing

client set to Active in FilezillaPro settings and connection settings:

Code: Select all

Status:	Resolving address of <MY-DNS>.ddns.net
Status:	Connecting to <External IP>:15922...
Status:	Connection established, waiting for welcome message...
Status:	Initializing TLS...
Status:	Verifying certificate...
Status:	TLS connection established.
Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is current directory.
Command:	TYPE I
Response:	200 Type set to I
Command:	PORT 184,71,65,102,189,238
Response:	200 PORT command successful.
Command:	MLSD
Response:	150 Starting data transfer.
Response:	425 Unable to build data connection: ECONNREFUSED - Connection refused by server
Error:	Failed to retrieve directory listing
Status:	Disconnected from server

I'll try to play with settings on the server and see if I get anywhere.

No luck until I DMZed my server PC in the router. At least this does tell me that the problem is on the router.
DMZ isn't something I'd like to keep enabled though. More reading to do.

[oibaf]

Please, have a look at the "PASV" settings page in the Administration Interface. You should input in there the public IP or hostname your server is responding to.

[botg]

What the new server still misses is strongly-worded warnings shown at admin-connection establishment such as the unroutable address warnings the old server shows when no routable address has been configured.