Question

Locked

FTP server showing the error message: 425 Cant open data connection.

By sparadrapo ·
To someone that know about it.

I have a FTP Server (FileZilla) running over Win2003 with a Zyxel-700 router and i have a SDSL connection.

The NAT in the router is ok, ports from 20 to 25 are open. And ports from 1024 to 3380 are also open and all of those ports just said are pointing to Server IP.

I have made some tests and from inside of my network the FTP works well. I can see the directory and download the files.

Every time a external pc try to reach my FTP directory even via I.E. i instantly see in my ftp window messagens say that the user logged some times the one is able to see the list directory some times it doesnt. And a messagem appears to me.

425 Cant open data connection.

I got in touch with my ISP to make sure they dont block this kind of service as it is common, but i was told that, as we have a sDSL service running and also ISDN lines, no restriction is imposed from then.

So i would be glad to hear from someone, more experienced than me, a word that could resolve this problem.

Thanks in advance guys,

D. Furniel

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Active versus Passive FTP

by robo_dev In reply to FTP server showing the er ...

For Active connections open ports 20 and 21

For Passive connections open ports 21 and 1024+ (and higher).

Make sure passive-mode is enabled in the server if the client is trying passive mode.

Some firewalls filter commands...

Do you have an internal/external interface on your server, or just one?

Collapse -

All ports are already open

by sparadrapo In reply to Active versus Passive FTP

Hey robo_dev,

firstly, thanks for trying to help me with my issue. It's becoming a prob... rsrss

Well, the filezilla ftp server has a option where it says that is possible go through a NAT by entering IP. IT is regarding the passive-mode of course.

But to be honest with you, i have either tryed with my internal IP and with my external global IP (the one i got from my ISP) and it didnt make any difference.

It seems to me as if there was something blocking my access.
As when from inside of my network it works fine.

Just to help you help me. Here is what i have.
e.g.:
internal ip 192.168.33.200 (my server win2003)
external ip 91.58.200.100 (ip got from ISP)
I got a NAT table set in my zyxel router like:

start port n. end port n. ip address
21 21 192...200
211 21 192...133
1024 3380 192...200
... ando so on with few more allowing other accesses.

the question now is. Is there any thing i should also set in win2003 allowing FTP service to run smoothly?
If not, why then i cant reach my ftp from outside?

Collapse -

In time

by sparadrapo In reply to Active versus Passive FTP

Hello robo_dev,

I was wondering if you had time to take a look at my problem.
I sent you back another reply fully detailed.

When possible, please give a hand with it.

I really dont understand what is going on.
My FTP Server seems to be perfectly set up.

Ta

Collapse -

As robo_dev had said in his post, but to add further.....

The 425 error means that the data channel is blocked or closed between you and the server you are trying to connect to.

For Active connections open ports 20 and 21
For Passive connections open ports 21 and 1024+ (and higher)

Also, turn off command filtering on the firewall.

If you still cannot get a successful connection, check all devices that are between the client and server to ensure that the proper ports are open (e.g. routers).

"I am getting 425 connection errors when trying to connect to my WS_FTP Server. What is going on?"

Answer/Solution: This error means there is no connection being made between the server and your ftp client.

The best way to troubleshoot this is to work your way from the server to the "outside world" one step at a time. In order to do this, please do the following:

Try to connect to the server locally by going to a DOS prompt on the ftp server and entering "ftp localhost". If you cannot connect locally, make sure that you don't have another ftp server running on the machine. If you don't, you have a network problem that is preventing you from connecting to port 20 and you need to contact your network administrator about it.

If you can connect locally, shut off any firewall that may be blocking the connection and try to connect from another internal machine. If you can't shut off the firewall, make sure that ports 20 and 21 are open in the firewall. They both need to be open in order to connect to the server.

Once you can successfully connect both locally and from another internal machine, you can test whether or not you can connect from an external machine. Problems connecting from an external machine usually result from a DNS configuration problem or from a firewall or router problem.

You can use the DOS traceroute command to determine the problem. The traceroute command (syntax: tracert IPaddress) will show you where problems are occurring in the path between the ftp client and the ftp server.

Question/Problem: My firewall does command filtering. How can I get SSL for an ftp connection to work correctly through the firewall?

Answer/Solution: You will need to turn off command filtering on your firewall in order for SSL to work. Once SSL is enabled all communication between the server and client will be encrypted. The firewall has no way of decrypting the information being sent. For this reason, the firewall will reject the encrypted information even if the AUTH SSL command is allowed through the firewall.

Hope this might help you in tracing your problem..

Back to Networks Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums