Error opening Data channel...
-
- 504 Command not implemented
- Posts: 6
- Joined: 2023-02-09 08:38
- First name: Markus
- Last name: P
Error opening Data channel...
Hi!
I have a strange issue here.
We are triggering two FTP Transfers from one Sourcefile on our SAN Storage (Quantum StorNext Filesystem) to two separate Servers from two FTP Servers (Filezilla Server V0.95Beta running as a Service).
These FTP Jobs were triggered by our content management system which gave each FTP its Job.
This workflow has worked fine for years (with this 0.95beta).
Now we have the case that sometimes the second FTP transfer fails with the error message:
"Error opening Data channel to..."
Here is a screenshot of the Log:
If we trigger the second failed FTP again a few minutes later, no problem!
To me it looks like a race condition problem or something with parallel file access on the source Volume when both FTPs are grabbing the same source file!?
But the StorNext Filesystem allows parallel Fileaccess and the transfers are shortly after one another, NOT parallel!
Look at the start and end timestamps of
Transfer1 (start 18:09:34 end: 18:10:07) and
Transfer2 (start 18:10:25 end: 18:10:49)
The second Transfer starts 18 seconds after the first was finished.
This is a simple sketch of the Transfer workflow:
As I said before this works in 80% of the Transfers but not always....
Any ideas?
Thx a lot!
Re: Error opening Data channel...
The version of FileZilla Server you're using is very much outdated and not supported any longer.
You should install the latest available one, which at the moment is 1.6.6. Mind you this is a total rewrite of the server, and in some specific areas not compatible 100% with the old one, specifically about file permissions.
-
- 503 Bad sequence of commands
- Posts: 18
- Joined: 2022-12-02 16:11
- First name: Marco
- Last name: Gomes
Re: Error opening Data channel...
Hello,
Did you take a look at the version history: https://filezilla-project.org/versions.php?type=server ?
You use the version: 0.9.50 (2015-03-19)
The latest version 0.9.x is 0.9.60.2 (2017-02-08)
Maybe one of these corrections solves your problem:
- 0.9.51 (2015-05-06) FileZilla Server now randomizes the port used for passive mode transfers to mitigate data connection stealing when using plain FTP
- 0.9.51 (2015-05-06) Added option to force TLS session resumption on the data connection to prevent data connection stealing
- 0.9.54 (2015-11-30) Waiting for transfers to finish when taking the server offline now correctly closes the sockets
- 0.9.58 (2016-08-11) fix 'Fixed potential crash if closing connections with pending socket messages'
If you can't change the version, try to leave 2-3 min between each new connection: the old socket connection will be closed by timeout if FileZilla or the client did not close it correctly.
Re: Error opening Data channel...
Do not use 0.9.x, it is insecure due to its outdated TLS libraries.
-
- 504 Command not implemented
- Posts: 6
- Joined: 2023-02-09 08:38
- First name: Markus
- Last name: P
Re: Error opening Data channel...
Thank you all so far very much for your support!!
I am thinking about an update now.
The reason I didn't do that earlier is that we have a complete "frozen" production environment here.
It was built by a company and every component was chosen well to match the requirements of the software and interfaces on both sides.
Sometimes it's dangerous to change something (in a running system)...
But something must have changed in this system environment, so that we now have these issues.
Cheers!
Re: Error opening Data channel...
Never patch a system that has not yet been compromised
-
- 504 Command not implemented
- Posts: 6
- Joined: 2023-02-09 08:38
- First name: Markus
- Last name: P
Re: Error opening Data channel...
Now I have already upgraded to Server 1.6.6 but get an error when transferring:
"Data peer differs from control peer"
These are my settings for the Userrights:
Or is this a Port problem?
Thank you all!
Re: Error opening Data channel...
The client is opening the data connection using a different IP than the one used for the control connection: this is not supported for security reasons.
The problem is most likely happening because the machine which the client is running on has multiple network interfaces and, when opening the data connection to the server, it doesn't perform a bind() to the control connection's address.
The new FileZilla Server is quite strict about such requirements, merely for security reasons.
-
- 504 Command not implemented
- Posts: 6
- Joined: 2023-02-09 08:38
- First name: Markus
- Last name: P
Re: Error opening Data channel...
Thank you! This is how I understood this message too but I didn't find a Setting to configure those IPs separately!?
Do you know more?
-
- 503 Bad sequence of commands
- Posts: 18
- Joined: 2022-12-02 16:11
- First name: Marco
- Last name: Gomes
Re: Error opening Data channel...
It seems to be not a FileZilla problem, but a network problem.
Your computer seems to have 2 different network cards, with an IP on 172.16.38.x and 172.16.75.x.
Your server maybe is also on the network 172.16.38.x, so your computer uses this network in priority to make the connection.
But your default gateway is on the card with the IP 172.16.75.x ...
Disabling the network card with IP 172.16.38.x will solve the problem, as your computer does not need it to join your server.
On complex networks, the problem could also come from your routers... which can route networks by different paths.
Re: Error opening Data channel...
markuz@gmx.de wrote: ↑2023-02-10 12:36
> Thank you! This is how I understood this message too but I didn't find a Setting to configure those IPs separately!?
> Do you know more?
I am not sure what you mean with "I didn't find a Setting to configure those IPs separately".
The fix must be done in the program that is trying to exchange data with the FileZilla Server. When this program opens the data connection, it must do so by reusing the same source IP address that it used when it started the FTP session. It's its own IP address we're talking about here, not the FileZilla Server's one.
-
- 504 Command not implemented
- Posts: 6
- Joined: 2023-02-09 08:38
- First name: Markus
- Last name: P
Re: Error opening Data channel...
Okay, correct, this machine has a bunch of network connections.
A teaming pair for an mdc net, a teaming pair for the public net...
but
I can't deactivate any of them AND
those IPs are from the source and destination servers in different subnets (...75 and ...38...):
172.16.38.x source
172.16.75.x destination
With the old 0.95 this wasn't a problem.
How can I fix that?
Any ideas?
Re: Error opening Data channel...
How are you calling the server? Does the host name maybe resolve to all IPs assigned to that machine (e. g. if you're using only the computer name)? If you can control DNS in your environment, just define an A or AAAA record resolving only to the correct target IP(s) of the server. Additionally, change the listeners in the server from 0.0.0.0:21 / [::]:21 to the actual desired IPs:21. Then, the server will only listen on the correct sockets, and the new DNS name will only resolve to the same IPs. A mix-up shouldn't happen anymore.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: Error opening Data channel...
@boco it's not the Server's address the problem, but the Client's one. The Client's machine has multiple NICs and when opening a new connection to the Server the OS chooses a source IP for the socket picking it randomly from the available ones. The client should bind the socket to the same source address as the one used for the control connection.
@markuz the most sensible option is to contact the support for the client program you're using and ask them to provide you with an updated version of the software that does the aforementioned binding. Another solution you might want to try is to forcefully bind the client program to just one network adapter, with an external program. Googling for "binding a nic to a program windows" gave some pointers to some free programs that do that. Haven't tried any of them and cannot guarantee the security of any of them, just mentioning this as a possible workaround for your case.
The 0.x versions of the FileZilla Server were using a more lax, but less secure, approach to this issue.
Re: Error opening Data channel...
> @boco it's not the Server's address the problem, but the Client's one. The Client's machine has multiple NICs and when opening a new connection to the Server the OS chooses a source IP for the socket picking it randomly from the available ones. The client should bind the socket to the same source address as the one used for the control connection.
Well, in that case, the client not binding to the same source address is a bug in the client.
The 0.9.x versions had a setting to relax this (number of octets that have to match). 1.x doesn't include that setting and all octets have to match.
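Added example, not part of any post in this thread and not FileZilla's code: a Python sketch of the two sides discussed above, namely the server-side rule that the data peer must match the control peer (strict, or relaxed to a number of leading octets as described for 0.9.x) and the client-side fix of binding the data socket to the control connection's local address. The function names, the IPv4-only comparison and the host octets in the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket


def data_peer_allowed(control_ip: str, data_ip: str, octets: int = 4) -> bool:
    """Server side: the first `octets` bytes of the data peer's IPv4 address
    must equal the control peer's. octets=4 is the strict all-octets rule;
    a smaller value models the relaxed setting described in the thread."""
    c = ipaddress.IPv4Address(control_ip).packed
    d = ipaddress.IPv4Address(data_ip).packed
    return c[:octets] == d[:octets]


def open_data_connection(control: socket.socket, host: str, port: int) -> socket.socket:
    """Client side: reuse the control connection's local IP as the source
    address of the data connection instead of letting the OS pick one."""
    local_ip = control.getsockname()[0]
    data = socket.socket(control.family, socket.SOCK_STREAM)
    try:
        data.bind((local_ip, 0))  # port 0: any free port, fixed source IP
        data.connect((host, port))
    except OSError:
        data.close()
        raise
    return data


def demo() -> bool:
    """Loopback run: one listener stands in for both the control port and the
    passive data port. Returns the strict server-side verdict."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(2)
        addr = srv.getsockname()
        with socket.create_connection(addr) as control:
            ctrl_conn, ctrl_peer = srv.accept()
            with open_data_connection(control, *addr):
                data_conn, data_peer = srv.accept()
                data_conn.close()
            ctrl_conn.close()
    return data_peer_allowed(ctrl_peer[0], data_peer[0])


if __name__ == "__main__":
    # Constructed addresses on the two subnets named in the thread.
    print(data_peer_allowed("172.16.75.10", "172.16.38.10"))     # strict
    print(data_peer_allowed("172.16.75.10", "172.16.38.10", 2))  # relaxed
    print(demo())
```

On a multi-homed client the `bind()` call is what keeps the data connection on the interface the control connection already uses, so the strict comparison passes.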