Error opening Data channel...

#1 Post by markuz@gmx.de » 2023-02-09 09:06

Hi!

I have a strange issue here.

We are triggering two FTP transfers from one source file on our SAN storage (Quantum StorNext Filesystem) to two separate servers from two FTP servers (FileZilla Server V0.95Beta running as a service).
These FTP jobs were triggered by our content management system, which gave each FTP its job.
This workflow has worked fine for years (with this 0.95beta).

Now we have the case that sometimes the second FTP transfer fails with the error message:
"Error opening Data channel to..."
Here is a screenshot of the log:
[Attachment: bbbf216d-509d-4d5f-8c63-0b834ef03387.png]
If we trigger the failed second FTP again a few minutes later, no problem!
To me it looks like a race condition problem or something with parallel file access on the source volume when both FTPs are grabbing the same source file!?
But the StorNext Filesystem allows parallel file access, and the transfers run shortly after one another, NOT in parallel!
Look at the start and end timestamps of
Transfer1 (start 18:09:34 end: 18:10:07) and
Transfer2 (start 18:10:25 end: 18:10:49)
The second transfer starts 18 seconds after the first was finished.

This is a simple sketch of the transfer workflow:
[Attachment: 2023-02-09 09_43_40-Der 2. Cliptransfer zum Playout bricht manchmal ab - Arvato Systems – Broadcast .png]
As I said before, this works in 80% of the transfers but not always....

Any ideas?


Thx a lot!

#2 Post by oibaf » 2023-02-09 09:23

The version of FileZilla Server you're using is very much outdated and not supported any longer.

You should install the latest available one, which at the moment is 1.6.6. Mind you this is a total rewrite of the server, and in some specific areas not compatible 100% with the old one, specifically about file permissions.

#3 Post by Marco G. » 2023-02-09 09:55

Hello,
did you take a look at the version history: https://filezilla-project.org/versions.php?type=server ?

You use the version: 0.9.50 (2015-03-19)
The latest version 0.9.x is 0.9.60.2 (2017-02-08)

Maybe one of these corrections solves your problem:
- 0.9.51 (2015-05-06) FileZilla Server now randomizes the port used for passive mode transfers to mitigate data connection stealing when using plain FTP
- 0.9.51 (2015-05-06) Added option to force TLS session resumption on the data connection to prevent data connection stealing
- 0.9.54 (2015-11-30) Waiting for transfers to finish when taking the server offline now correctly closes the sockets
- 0.9.58 (2016-08-11) fix 'Fixed potential crash if closing connections with pending socket messages'

If you can't change version, try to leave 2-3 min between each new connection: the old socket connection will be closed by timeout if FileZilla or the client did not close it correctly.

#4 Post by botg » 2023-02-09 11:32

Do not use 0.9.x, it is insecure due to its outdated TLS libraries.

#5 Post by markuz@gmx.de » 2023-02-09 11:44

Thank you all so far very much for your support!!
I am thinking about an update now.

The reason I didn't do that earlier is that we have a completely "frozen" production environment here.
It was built by a company, and every component was chosen carefully to match the requirements of the software and interfaces on both sides.
Sometimes it's dangerous to change something (in a running system)...

But something must have changed in this system environment, since we now have these issues.

Cheers!

#6 Post by botg » 2023-02-09 12:17

Never patch a system that has not yet been compromised ;)

#7 Post by markuz@gmx.de » 2023-02-10 08:23

Now I have already upgraded to Server 1.6.6 but get an error when transferring:

"Data peer differs from control peer"
[Attachment: 2023-02-10 09_17_32-mRemoteNG - AlleServerVPMS_etc.xml - SRV-VPMS-FP09.png]
These are my settings for the user rights:
[Attachment: 2023-02-10 09_22_19-mRemoteNG - AlleServerVPMS_etc.xml - SRV-VPMS-FP09.png]
Or is this a port problem?

Thank you all!

#8 Post by oibaf » 2023-02-10 09:24

The client is opening the data connection using a different IP than the one used for the control connection: this is not supported for security reasons.

The problem is most likely happening because the machine which the client is running on has multiple network interfaces and, when opening the data connection to the server, it doesn't perform a bind() to the control connection's address.

The new FileZilla Server is quite strict about such requirements, merely for security reasons.

#9 Post by markuz@gmx.de » 2023-02-10 12:36

Thank you! This is how I understood this message too, but I didn't find a setting to configure those IPs separately!?
Do you know more?

#10 Post by Marco G. » 2023-02-13 10:25

It seems to be not a FileZilla problem, but a network problem.

Your computer seems to have 2 different network cards, with an IP on 172.16.38.x and 172.16.75.x.
Your server maybe is also on the network 172.16.38.x, so your computer uses this network with priority to make the connection.
But your default gateway is on the card with the IP 172.16.75.x ...
Disabling the network card with IP 172.16.38.x will solve the problem, as your computer does not need it to reach your server.

On complex networks, the problem could also come from your routers... which can route networks by different paths.

#11 Post by oibaf » 2023-02-13 10:48

markuz@gmx.de wrote (2023-02-10 12:36):
> Thank you! This is how I understood this message too, but I didn't find a setting to configure those IPs separately!?
> Do you know more?

I am not sure what you mean with "I didn't find a setting to configure those IPs separately".

The fix must be done in the program that is trying to exchange data with the FileZilla Server. When this program opens the data connection, it must do so by reusing the same source IP address that it used when it started the FTP session. It's its own IP address we're talking about here, not the FileZilla Server's one.

#12 Post by markuz@gmx.de » 2023-02-13 13:44

Okay, correct, this machine has a bunch of network connections.
A teaming pair for an mdc net, a teaming pair for the public net...
[Attachment: 2023-02-13 14_44_05-mRemoteNG - AlleServerVPMS_etc.xml - SRV-VPMS-FP09.png]
but

I can't deactivate any of them AND
those IPs are from the source and destination servers in different subnets. ( ...75 .and .. .38...)

172.16.38.x source
172.16.75.x .. destination

With the old 0.95 this wasn't a problem.
How can I fix that?

Any ideas?

#13 Post by boco » 2023-02-13 14:16

How are you calling the server? Does the host name maybe resolve to all IPs assigned to that machine (e. g. if you're using only the computer name)? If you can control DNS in your environment, just define an A or AAAA record resolving only to the correct target IP(s) of the server. Additionally, change the listeners in the server from 0.0.0.0:21 / [::]:21 to the actual desired IPs:21. Then, the server will only listen on the correct sockets, and the new DNS name will only resolve to the same IPs. A mix-up shouldn't happen anymore.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

#14 Post by oibaf » 2023-02-13 14:26

@boco it's not the Server's address the problem, but the Client's one. The Client's machine has multiple NICs and when opening a new connection to the Server the OS chooses a source IP for the socket picking it randomly from the available ones. The client should bind the socket to the same source address as the one used for the control connection.

@markuz the most sensible option is to contact the support for the client program you're using and ask them to provide you with an updated version of the software that does the aforementioned binding. Another solution you might want to try is to forcefully bind the client program to just one network adapter, with an external program. Googling for "binding a nic to a program windows" gave some pointers to some free programs that do that. Haven't tried any of them and cannot guarantee the security of any of them, just mentioning this as a possible workaround for your case.

The 0.x versions of the FileZilla Server were using a more lax, but less secure, approach to this issue.

#15 Post by boco » 2023-02-13 17:09

> @boco it's not the Server's address the problem, but the Client's one. The Client's machine has multiple NICs and when opening a new connection to the Server the OS chooses a source IP for the socket picking it randomly from the available ones. The client should bind the socket to the same source address as the one used for the control connection.

Well, in that case, the client not binding to the same source address is a bug in the client.

The 0.9.x versions had a setting to relax this (number of octets that have to match). 1.x doesn't include that setting and all octets have to match.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
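
Added example, not part of the thread and not FileZilla's or the client vendor's code: a Python sketch of both sides of the "Data peer differs from control peer" check discussed in posts #14 and #15. The function names are hypothetical, the 172.16.x.x addresses are constructed, and the leading-octet comparison is an assumed model of the relaxed 0.9.x setting; only IPv4 is handled.

```python
import ipaddress
import socket

def data_peer_allowed(control_ip: str, data_ip: str, octets_to_match: int = 4) -> bool:
    """Server side: may this data connection be paired with the control session?

    octets_to_match=4 models the strict rule described for 1.x (all octets equal).
    Smaller values model the relaxed 0.9.x setting as a leading-octet comparison
    (assumption made for this example).
    """
    if not 0 <= octets_to_match <= 4:
        raise ValueError("octets_to_match must be between 0 and 4")
    control = ipaddress.IPv4Address(control_ip).packed
    data = ipaddress.IPv4Address(data_ip).packed
    return control[:octets_to_match] == data[:octets_to_match]

def open_data_connection(control: socket.socket, host: str, port: int,
                         timeout: float = 10.0) -> socket.socket:
    """Client side: open the data socket from the control socket's local IP."""
    local_ip = control.getsockname()[0]
    # Port 0 lets the OS choose an ephemeral port; only the source address is
    # pinned, so a multi-homed host cannot pick a different interface.
    return socket.create_connection((host, port), timeout,
                                    source_address=(local_ip, 0))

def loopback_demo() -> tuple[str, str]:
    """Accept one control and one data connection locally; return both peer IPs."""
    with socket.socket() as ctrl_srv, socket.socket() as data_srv:
        for srv in (ctrl_srv, data_srv):
            srv.bind(("127.0.0.1", 0))
            srv.listen(1)
        control = socket.create_connection(ctrl_srv.getsockname())
        ctrl_conn, ctrl_peer = ctrl_srv.accept()
        data = open_data_connection(control, *data_srv.getsockname())
        data_conn, data_peer = data_srv.accept()
        for s in (control, ctrl_conn, data, data_conn):
            s.close()
        return ctrl_peer[0], data_peer[0]

if __name__ == "__main__":
    # Constructed addresses in the two subnets named in the thread.
    print(data_peer_allowed("172.16.75.10", "172.16.38.10"))     # strict rule
    print(data_peer_allowed("172.16.75.10", "172.16.38.10", 2))  # two octets
    print(loopback_demo())
```

Python's own `ftplib.FTP` accepts a `source_address` argument and uses it for its data connections as well, which is the client-side behaviour the strict server expects.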
