SFTP problem:421 Rejected command, requested IP address does not match control connection IP
Moderator: Project members
-
- 500 Command not understood
- Posts: 2
- Joined: 2016-01-20 07:33
- First name: Benny
- Last name: Bitan
SFTP problem:421 Rejected command, requested IP address does not match control connection IP
(000377)20/01/2016 09:20:37 - (not logged in) (62.XX.XX.XX)> USER user
(000377)20/01/2016 09:20:37 - (not logged in) (62.XX.XX.XX)> 331 Password required for user
(000377)20/01/2016 09:20:37 - (not logged in) (62.XX.XX.XX)> PASS *******
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 230 Logged on
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> SYST
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 215 UNIX emulated by FileZilla
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> FEAT
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 211-Features:
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> MDTM
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> REST STREAM
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> SIZE
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> MLST type*;size*;modify*;
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> MLSD
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> AUTH SSL
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> AUTH TLS
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> PROT
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> PBSZ
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> UTF8
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> CLNT
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> MFMT
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> EPSV
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> EPRT
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 211 End
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> PBSZ 0
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 200 PBSZ=0
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> PROT P
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 200 Protection level set to P
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> CLNT Total Commander (UTF-8)
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 200 Don't care
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> OPTS UTF8 ON
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 202 UTF8 mode is always enabled. No need to send this command.
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> PWD
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> 257 "/" is current directory.
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> TYPE A
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> 200 Type set to A
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> PORT 192,XX,XX,XX,240,140
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> 421 Rejected command, requested IP address does not match control connection IP.
FileZilla Server 0.9.54 beta
Why the server is trying to connect my internal IP address?
(000377)20/01/2016 09:20:37 - (not logged in) (62.XX.XX.XX)> 331 Password required for user
(000377)20/01/2016 09:20:37 - (not logged in) (62.XX.XX.XX)> PASS *******
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 230 Logged on
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> SYST
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 215 UNIX emulated by FileZilla
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> FEAT
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 211-Features:
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> MDTM
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> REST STREAM
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> SIZE
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> MLST type*;size*;modify*;
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> MLSD
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> AUTH SSL
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> AUTH TLS
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> PROT
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> PBSZ
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> UTF8
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> CLNT
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> MFMT
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> EPSV
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> EPRT
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 211 End
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> PBSZ 0
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 200 PBSZ=0
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> PROT P
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 200 Protection level set to P
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> CLNT Total Commander (UTF-8)
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 200 Don't care
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> OPTS UTF8 ON
(000377)20/01/2016 09:20:37 - user (62.XX.XX.XX)> 202 UTF8 mode is always enabled. No need to send this command.
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> PWD
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> 257 "/" is current directory.
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> TYPE A
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> 200 Type set to A
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> PORT 192,XX,XX,XX,240,140
(000377)20/01/2016 09:20:38 - user (62.XX.XX.XX)> 421 Rejected command, requested IP address does not match control connection IP.
FileZilla Server 0.9.54 beta
Why the server is trying to connect my internal IP address?
Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP
Note that you are using FTP over TLS (FTPS), not SFTP (SSH File Transfer Protocol). These are two completely different protocols that have absolutely nothing in common if you look past tehs imilar name and purpose.
It isn't. Your client is telling your server to connect to the client's internal IP address, which the server rejects due to it being impossible.Why the server is trying to connect my internal IP address?
Last edited by boco on 2016-01-20 09:18, edited 1 time in total.
Reason: Corrected typo.
Reason: Corrected typo.
-
- 500 Command not understood
- Posts: 2
- Joined: 2016-01-20 07:33
- First name: Benny
- Last name: Bitan
Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP
how do i prevent my client to tell my server to connect to the client's internal IP address?
Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP
Probably by configuring it correctly. I'm not familiar with your particular client.
Please carefully study the Network Configuration guide. While it has been written for FileZilla and FileZilla Server, the general concepts it talks about are valid for all FTP products.
Please carefully study the Network Configuration guide. While it has been written for FileZilla and FileZilla Server, the general concepts it talks about are valid for all FTP products.
Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP
Tell your client to use Passive Mode. Provided the FileZilla Server is configured correctly, that's a much better choice.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 500 Command not understood
- Posts: 2
- Joined: 2018-09-04 19:20
- First name: Jamie
- Last name: Lealess
Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP
Morning i am having a similar issue.
i get the following error
user (96.1.X.X) 227 entering passive mode (192.168.X.X,239.65)
user (96.1.X.X) PORT 207.x.x.x, 221,62
user (96.1.X.X) 421 Rejected command, requested IP address does not match control connection IP
This has been running fine for 6 weeks then i get this error all of a sudden
i get the following error
user (96.1.X.X) 227 entering passive mode (192.168.X.X,239.65)
user (96.1.X.X) PORT 207.x.x.x, 221,62
user (96.1.X.X) 421 Rejected command, requested IP address does not match control connection IP
This has been running fine for 6 weeks then i get this error all of a sudden
Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP
The server doesn't tell the client its public IP address, only the private-range LAN one (incorrect configuration). Since connecting to that address is impossible, client falls back to Active Mode (PORT). As the client isn't configured correctly, either, the connection fails.
Please read Network Configuration and configure the server properly.
Please read Network Configuration and configure the server properly.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 504 Command not implemented
- Posts: 9
- Joined: 2018-10-29 14:57
- First name: Jonathan
- Last name: Fletcher
Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP
Me, too.
I read the Network Configuration document and I still can't tell what I am doing wrong. CyberDuck connects and works perfectly on passive mode. Attempting to connect with cURL, though, connects, authenticates, switches directory successfully and then fails with this:
bind(port=0) on non-local address failed: Can't assign requested address
EPRT |1|0.0.8.174|52354|
421 Rejected command, requested IP address does not match control connection IP.
We got a 421 - timeout!
Suggestions?
TIA!
I read the Network Configuration document and I still can't tell what I am doing wrong. CyberDuck connects and works perfectly on passive mode. Attempting to connect with cURL, though, connects, authenticates, switches directory successfully and then fails with this:
bind(port=0) on non-local address failed: Can't assign requested address
EPRT |1|0.0.8.174|52354|
421 Rejected command, requested IP address does not match control connection IP.
We got a 421 - timeout!
Suggestions?
TIA!
-
- 504 Command not implemented
- Posts: 9
- Joined: 2018-10-29 14:57
- First name: Jonathan
- Last name: Fletcher
Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP
So, where did that address come from?
-
- 504 Command not implemented
- Posts: 9
- Joined: 2018-10-29 14:57
- First name: Jonathan
- Last name: Fletcher
Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP
So are you saying that the IP address can be specified through a cURL option? Should I send an address for it to work? I am not currently specifying anything. I don't recognize that address and I have no idea where it came from.
I don't have access to the FileZilla server, but should I tell the client's IT person who set it up to change a setting in FileZilla? What would that be?
I don't have access to the FileZilla server, but should I tell the client's IT person who set it up to change a setting in FileZilla? What would that be?
-
- 504 Command not implemented
- Posts: 9
- Joined: 2018-10-29 14:57
- First name: Jonathan
- Last name: Fletcher
Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP
I don't understand what you mean by your last reply, Tim. Can you elaborate?
Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP
Two things here:
I hope it can be specified in curl, otherwise using active mode FTP with curlwould be completely impossible if the client is behind a NAT router.
The other thing is, why does it pick up this exotic special purpose address? I've never seen this address family been used before. Two possible reasons for this: A bug in curl, or a malicious firewall tampering with network traffic.
I hope it can be specified in curl, otherwise using active mode FTP with curlwould be completely impossible if the client is behind a NAT router.
The other thing is, why does it pick up this exotic special purpose address? I've never seen this address family been used before. Two possible reasons for this: A bug in curl, or a malicious firewall tampering with network traffic.
-
- 504 Command not implemented
- Posts: 9
- Joined: 2018-10-29 14:57
- First name: Jonathan
- Last name: Fletcher
Re: SFTP problem:421 Rejected command, requested IP address does not match control connection IP
Your guesses look better than mine. I'm going to go with the firewall issue.The other thing is, why does it pick up this exotic special purpose address? I've never seen this address family been used before. Two possible reasons for this: A bug in cURL, or a malicious firewall tampering with network traffic.
So, is that supposed to be MY IP address in that spot?
Also, you said "active mode." I am able to connect with another FTP client in passive mode, so I was assuming it was passive. Does that sound right to you?
If I used the FileZilla client are there features that can help me troubleshoot this situation?