425 rejected data connection for transfer

[drawntogether]

I have a user who cannot upload data to the server. I tested with their credentials and it works fine for me but not for them. Here is a log of when they connect.

Code: Select all

000015)3/27/2024 3:10:30 AM - (not logged in) (xx.xx.xx.xx)> Connected on port 21, sending welcome message...
(000015)3/27/2024 3:10:30 AM - (not logged in) (xx.xx.xx.xx)> 220-FileZilla Server 0.9.60 beta
(000015)3/27/2024 3:10:30 AM - (not logged in) (xx.xx.xx.xx)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000015)3/27/2024 3:10:30 AM - (not logged in) (xx.xx.xx.xx)> 220 Please visit https://filezilla-project.org/
(000015)3/27/2024 3:10:30 AM - (not logged in) (xx.xx.xx.xx)> AUTH TLS
(000015)3/27/2024 3:10:30 AM - (not logged in) (xx.xx.xx.xx)> 234 Using authentication type TLS
(000015)3/27/2024 3:10:30 AM - (not logged in) (xx.xx.xx.xx)> TLS connection established
(000015)3/27/2024 3:10:30 AM - (not logged in) (xx.xx.xx.xx)> USER username
(000015)3/27/2024 3:10:30 AM - (not logged in) (xx.xx.xx.xx)> 331 Password required for username
(000015)3/27/2024 3:10:30 AM - (not logged in) (xx.xx.xx.xx)> PASS ********************
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)> 230 Logged on
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)> PBSZ 0
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)> 200 PBSZ=0
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)> PROT P
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)> 200 Protection level set to P
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)> FEAT
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)> 211-Features:
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)>  MDTM
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)>  REST STREAM
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)>  SIZE
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)>  MLST type*;size*;modify*;
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)>  MLSD
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)>  AUTH SSL
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)>  AUTH TLS
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)>  PROT
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)>  PBSZ
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)>  UTF8
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)>  CLNT
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)>  MFMT
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)>  EPSV
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)>  EPRT
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)> 211 End
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)> TYPE A
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)> 200 Type set to A
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)> PASV
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)> 227 Entering Passive Mode (192,168,25,6,0,22)
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)> STOR FILE.TXT
(000015)3/27/2024 3:10:30 AM - username (xx.xx.xx.xx)> 425 Rejected data connection for transfer of "/FILE.TXT", IP addresses of control and data connection do not match
(000015)3/27/2024 3:10:31 AM - username (xx.xx.xx.xx)> disconnected.

This is a log of me using the same username and password

Code: Select all

(000012)3/26/2024 12:46:27 PM - (not logged in) (xx.xx.xx.xx)> Connected on port 21, sending welcome message...
(000012)3/26/2024 12:46:27 PM - (not logged in) (xx.xx.xx.xx)> 220-FileZilla Server 0.9.60 beta
(000012)3/26/2024 12:46:27 PM - (not logged in) (xx.xx.xx.xx)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)
(000012)3/26/2024 12:46:27 PM - (not logged in) (xx.xx.xx.xx)> 220 Please visit https://filezilla-project.org/
(000012)3/26/2024 12:46:28 PM - (not logged in) (xx.xx.xx.xx)> AUTH TLS
(000012)3/26/2024 12:46:28 PM - (not logged in) (xx.xx.xx.xx)> 234 Using authentication type TLS
(000012)3/26/2024 12:46:28 PM - (not logged in) (xx.xx.xx.xx)> TLS connection established
(000012)3/26/2024 12:46:30 PM - (not logged in) (xx.xx.xx.xx)> USER username
(000012)3/26/2024 12:46:30 PM - (not logged in) (xx.xx.xx.xx)> 331 Password required for username
(000012)3/26/2024 12:46:30 PM - (not logged in) (xx.xx.xx.xx)> PASS ********************
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)> 230 Logged on
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)> SYST
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)> 215 UNIX emulated by FileZilla
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)> FEAT
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)> 211-Features:
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)>  MDTM
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)>  REST STREAM
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)>  SIZE
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)>  MLST type*;size*;modify*;
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)>  MLSD
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)>  AUTH SSL
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)>  AUTH TLS
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)>  PROT
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)>  PBSZ
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)>  UTF8
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)>  CLNT
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)>  MFMT
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)>  EPSV
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)>  EPRT
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)> 211 End
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)> PBSZ 0
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)> 200 PBSZ=0
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)> PROT P
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)> 200 Protection level set to P
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)> PWD
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)> 257 "/" is current directory.
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)> TYPE I
(000012)3/26/2024 12:46:30 PM - username (xx.xx.xx.xx)> 200 Type set to I
(000012)3/26/2024 12:46:31 PM - username (xx.xx.xx.xx)> PASV
(000012)3/26/2024 12:46:31 PM - username (xx.xx.xx.xx)> 227 Entering Passive Mode (192,168,25,6,0,22)
(000012)3/26/2024 12:46:31 PM - username (xx.xx.xx.xx)> MLSD
(000012)3/26/2024 12:46:31 PM - username (xx.xx.xx.xx)> 150 Opening data channel for directory listing of "/"
(000012)3/26/2024 12:46:31 PM - username (xx.xx.xx.xx)> TLS connection for data connection established
(000012)3/26/2024 12:46:31 PM - username (xx.xx.xx.xx)> 226 Successfully transferred "/FILE.TXT"
(000013)3/26/2024 12:46:52 PM - (not logged in) (xx.xx.xx.xx)> Connected on port 21, sending welcome message...
(000013)3/26/2024 12:46:52 PM - (not logged in) (xx.xx.xx.xx)> 220-FileZilla Server 0.9.60 beta
(000013)3/26/2024 12:46:52 PM - (not logged in) (xx.xx.xx.xx)> 220-written by Tim Kosse

I only have one IP. and testing with their login and transferring a file works fine. The first log is a user with multiple IPs. They are whitelisted (both IPs they are using) and they can log it but not xfer. How come?

[boco]

Unsupported Server version. Please update to 1.8.1 first. Then, read Network Configuration.

[drawntogether]

Thanks. I have upgraded it is working now.

[drawntogether]

Thought maybe I had it working. Last night after testing 20 times to connect it worked fine. I let it set over night and it connects and stops at directory reading.

Code: Select all

Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is current directory.
Command:	TYPE I
Response:	200 Type set to I
Command:	PASV
Response:	227 Entering Passive Mode (xx.xx.xx..xx,31) <- what should this IP be our internal LAN IP or our EXTERNAL IP I notice the number after the IP changes I'm not sure if that is a incoming/outoging port
Command:	MLSD
Response:	150 About to start data transfer.

After MLSD is set, it hangs then times out. I noticed on windows firewall I need to allow all ports for incoming, if I don't it fails so I check wireshark. The initial client request is coming in on port 21 but then the remainder of the connection is random 50xxx ports. Is this normal? I haven't messed with FTP in ages to understand it as much as I would like

[boco]

All directory listings and transfers (technically, directory listings are also transfers) use data ports from your data port range. For the Server, you need to

- set this to a sane value in the settings (number of listings+transfers done in 4 minutes*) for Passive transfers (Active is configured on the client),
- open ever port from that range in the firewall, in addition to 21,
- forward the complete range in the router, in addition to 21
- tell the Server your external IP in the settings, or a hostname that resolves to said IP.

That's why I linked to Network Configuration, all is explained there.


*4 minutes is the time any used socket (IP:port combination) is in a wait state, after that it's usable again.