421 Could not create socket

Need help with FileZilla Server? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
emrrfc
504 Command not implemented
Posts: 8
Joined: 2018-09-24 15:37
First name: Robert
Last name: Chapie

421 Could not create socket

#1 Post by emrrfc » 2018-09-24 16:06

Hello,

We are experiencing occasional 421 Could not create socket notices. This is causing some of our ftp jobs to fail and need to be resent. We are a low volume user, around 40 logins daily transferring 5 files. The files vary in size from 500K to 15-20 meg. The connections are spaced out through the day so they don't all hit at once. We are using the current version 0.9.60.2. We are using passive mode without specifying a port range since everything is internal, no external connections to the internet, everything is open. Here is a sample of what we are seeing. I have changed the login and ip address. When the PASV command is issued is the could not create socket coming from my FTP server or the client? Should I define a port range for Filezilla to use?


(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> 230 Logged on
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> CWD \
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> 250 CWD successful. "/" is current directory.
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> TYPE I
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> 200 Type set to I
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> PASV
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> 421 Could not create socket.
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> QUIT
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> 221 Goodbye
(004272) 9/21/2018 8:45:21 AM - anyftp (11.200.10.245)> disconnected.

Thanks

Rob

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: 421 Could not create socket

#2 Post by boco » 2018-09-24 17:30

We are using passive mode without specifying a port range since everything is internal, no external connections to the internet, everything is open.
Consider limiting the Passive range to 49152-65535, even if it is internal. The reason is that only the mentioned range is most probably unused (meant for temporary, ephemeral usage). All lower ports might at least be occupied partially by other services. When FileZilla tries to create a passive socket on such an occupied or blocked port, the result is the error 421 as you experienced.

Things to consider:
- Antivirus programs or other security software can block sockets. Sockets can also be occupied by other services.
- The error shown starts with a "4", thus it is of temporary nature. In such situations, your scripts should simply retry the transfer. Aborting the scrips is only correct in case of errors starting with "5" (permanent error).
When the PASV command is issued is the could not create socket coming from my FTP server or the client?
Lines starting with a response code always come from the server.


Btw. you don't need to obfuscate internal IP addresses (starting with 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). These are not unique in any way and cannot be used for identification.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: 421 Could not create socket

#3 Post by botg » 2018-09-24 18:51

Consider limiting the Passive range to 49152-65535, even if it is internal. The reason is that only the mentioned range is most probably unused (meant for temporary, ephemeral usage). All lower ports might at least be occupied partially by other services. When FileZilla tries to create a passive socket on such an occupied or blocked port, the result is the error 421 as you experienced.
That's no longer necessary since version 0.9.51, since then if no range has been manually been configured, 49152 through 65535 is used.
FileZilla Server allocates ports in a manner that automatically prevents reuse of ports within the mandatory TIME_WAIT interval (see TCP RFCs). In case a port is selected that is already used by a program other than FileZilla Server, it retries up to 15 times to find an alternative before giving up.

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: 421 Could not create socket

#4 Post by boco » 2018-09-24 19:38

In that case, AV interfering.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

emrrfc
504 Command not implemented
Posts: 8
Joined: 2018-09-24 15:37
First name: Robert
Last name: Chapie

Re: 421 Could not create socket

#5 Post by emrrfc » 2018-09-25 14:26

Thanks for the replies. We are using Symantec Endpoint Protection. Can I put in an exclusion for ports 49152 through 65535?

User avatar
botg
Site Admin
Posts: 35507
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: 421 Could not create socket

#6 Post by botg » 2018-09-25 19:21

Worth a try.

emrrfc
504 Command not implemented
Posts: 8
Joined: 2018-09-24 15:37
First name: Robert
Last name: Chapie

Re: 421 Could not create socket

#7 Post by emrrfc » 2019-01-18 16:23

I was able to get Symantec turned off and I am still getting random 421 Could not create socket errors. Next thing to try is putting in a custom port range of 52,000 to 53,000. My other thought is to go to a slightly older release. Any other suggestions?

Thanks

Rob

User avatar
boco
Contributor
Posts: 26910
Joined: 2006-05-01 03:28
Location: Germany

Re: 421 Could not create socket

#8 Post by boco » 2019-01-20 23:51

Older releases are not supported, so, we cannot recommend nor help with that.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org

emrrfc
504 Command not implemented
Posts: 8
Joined: 2018-09-24 15:37
First name: Robert
Last name: Chapie

Re: 421 Could not create socket

#9 Post by emrrfc » 2019-01-31 16:00

Hi,

I'm going to close the loop on this issue. I disabled Symantec and I still received the 421 socket error. I then set the passive range to 52,000 -- 53,000. No 421 socket errors for almost 2 weeks.

Rob

Post Reply