FTP - 425 Can't open data connection (Active Mode does not work)

4

4

I've researched this topic thoroughly as to what Active mode is and why I hit the infamous 425 Can't open data connection. error but after all the documentation and tutorials and forums on the internet yielding no solution, I've decided to come here for one last crack at it.

By various means (explained at the bottom), I have been able to connect to this server remotely but only via Passive connections. I am not able to connect using Active mode - which the FileZilla client defaults to (in my case at least).

The server is running Windows 8 and FileZilla Server (part of the XAMPP package) and is using the ports:

  • 21 for listening
  • 990 for implicit FTP over TLS
  • 14147 for remote management
  • 6000-7000 for Passive Mode

These ports are opened in both the router's NAT and Windows Firewall.

These are the settings for the server
FileZilla Server Options

and these are the settings for the client
FileZilla Client Options
under passive mode, fallback to active mode is selected also

For obvious reasons, local connections work but remote connections do not.

Worth mentioning - ftptest.net reports the connection as a SUCCESS, however I discovered that it uses PASV mode to connect to the server. I've put the log from this successful connection over at pastebin for reference. Again this is using Implicit FTP over TLS. Standard FTP connections do work using this website (and not through my own means of connecting), but I have them disabled within the server forcing SSL/TLS connections only.

SteppingHat

Posted 2014-12-02T04:49:28.283

Reputation: 228

PASV mode works better in NAT environments. Why are you displaying the passive mode settings for the server, but active mode settings for the client? – Paul – 2014-12-02T05:37:17.037

@Paul I was attempting to display all the settings actually. Active had the most stuff so I screenshotted that but passive mode just had two options, fallback or use external ip so I stated that underneath. As far as I'm aware, the server doesn't have any active settings (not that I could find immediately at least) – SteppingHat – 2014-12-02T05:56:10.843

So... can you use PASV mode? If so, I would forget about active altogether, it is much harder to get it to work. – Paul – 2014-12-02T07:33:54.950

Answers

7

FTP has a control connection and a data connection. The control connection is started from the client to the server and thus usually causes no problems, but the data connections are different:

  • in active mode the server tries to connect to the client. The necessary IP and port settings are sent within the PORT or EPRT command inside the control channel. If the client is behind NAT, active mode will not work, because the client uses an IP address not reachable by the server. Similar problems occur if the client is behind a firewall, because connections from outside will simply be blocked. Only FTP-aware firewalls might employ special helpers to manage active connections (and these will not work with FTPS).
  • in passive mode the client connects to the server. The necessary IP and port are sent within the response to the PASV or EPSV commands. There are no problems with NAT on the client side and usually no problems with firewalls either. But there will be problems if the server itself is behind a firewall or NAT.

In short: Passive mode works most of the time, while active mode works only if the client has a public address. But this is not the case for clients behind a router (at home, public hotspot...) and usually also not in mobile networks.

Steffen Ullrich

Posted 2014-12-02T04:49:28.283

Reputation: 3 897

Believe it or not that actually helped me a lot! I was able to point fingers at the router stopping active mode from working. Also, one thing I realised is that my client was for some reason set to active mode rather than the recommended passive mode. I couldn't figure out why it was doing active vs passive even though I knew it was the preferred method but both problems are fixed now. Active mode works and the client now works in passive mode again. Thanks for your help! :D – SteppingHat – 2014-12-03T03:41:10.713
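As an added example (not part of the answer above or of FileZilla), the following Python sketch decodes the data-connection address carried in a PORT or EPRT command or a 227 PASV reply taken from a client or server log, and compares it with the address the other side sees on the control connection. The function names, verdict strings and sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: addresses a remote peer cannot connect back to across NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(arg):
    """Decode h1,h2,h3,h4,p1,p2 as used by PORT and the 227 reply (RFC 959)."""
    nums = [int(n) for n in arg.split(",")]
    if len(nums) != 6 or any(not 0 <= n <= 255 for n in nums):
        raise ValueError(f"bad host-port: {arg!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def parse_eprt(arg):
    """Decode EPRT |proto|addr|port| (RFC 2428); first character is the delimiter."""
    parts = arg.split(arg[0])
    if len(parts) != 5 or parts[1] not in ("1", "2"):
        raise ValueError(f"bad EPRT argument: {arg!r}")
    return str(ipaddress.ip_address(parts[2])), int(parts[3])

def data_endpoint(line):
    """Return (mode, ip, port) advertised by one control-channel line, or None."""
    line = line.strip()
    if m := re.match(r"PORT\s+([\d,]+)$", line, re.I):
        return ("active",) + parse_hostport(m.group(1))
    if m := re.match(r"EPRT\s+(\S+)$", line, re.I):
        return ("active",) + parse_eprt(m.group(1))
    if m := re.match(r"227 .*?\((\d[\d,]*)\)", line):
        return ("passive",) + parse_hostport(m.group(1))
    return None

def check(line, control_peer_ip):
    """Compare the advertised data address with the control connection's peer.

    control_peer_ip is the client address the server logged (for PORT/EPRT)
    or the server address the client dialled (for a 227 reply).
    """
    ep = data_endpoint(line)
    if ep is None:
        return None
    mode, ip, port = ep
    addr = ipaddress.ip_address(ip)
    if addr == ipaddress.ip_address(control_peer_ip):
        verdict = "reachable"           # same address the peer already talks to
    elif any(addr in net for net in RFC1918):
        verdict = "private-behind-nat"  # peer cannot dial this: expect 425
    else:
        verdict = "address-mismatch"    # not private, but not the control peer
    return mode, ip, port, verdict
```

A "private-behind-nat" verdict on a PORT line is the active-mode failure described in the answer; the same verdict on a 227 reply means the server is advertising its internal address to remote clients.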

0

Running an FTP client on the local network device had problems when using the external IP address, like: 92.646.178.168. The server log would indicate this IP.

Configure the client's 'host name or address' so it's not an IP address; instead use a name like "Maker". The router correctly sends the data packets to the FZserver. So when testing the connection I would suggest this simple change. Then use another networked device, in my case a wireless device, only to use the external IP here.

user594072

Posted 2014-12-02T04:49:28.283

Reputation: 1