Solved

FTP LIST command returns 425 error: "Unable to build data connection: Network is unreachable"

Posted on 2004-08-23
15
1,350 Views
Last Modified: 2013-11-29
Hi!

My hosting provider does not allow Passive FTP, and I've been connecting using Active/Port well.

However, the last times I tried to connect to the server, it connects successfully, but whenever there is a LIST command, the server returns error 425 "Unable to build data connection: Network is unreachable"

I've tried disabling the firewall but the results were the same.

I contacted my provider and was told that nothing had changed in the server and that they, with an outside connection, were able to connect successfully.

I've tried using the browser, command-line FTP and several FTP clients without success.

I googled for this and found someone saying to turn on passive mode, but my server doesn't allow it.

What can I do?
0
Comment
Question by:b_loco
  • 7
  • 7
15 Comments
 
LVL 36

Accepted Solution

by:
grblades earned 200 total points
ID: 11870887
Hi b_loco,
Where are you testing the connection from?

Normally when you connect via active mode the ftp client tells the server its IP address and port it is listening on for the data connection.
The problem can occur if you are behind a dumb firewall. Your client may be saying it's IP address is 192.168.1.2 for example and the firewall at the client end does not alter this so the server replies with the error since it knows that IP address is not valid over the Internet.
0
 
LVL 2

Author Comment

by:b_loco
ID: 11871115
I've tried disabling my firewall with the same result.

Can my ISP be causing that kind of behavior at another connection point?
My provider told me that with their ISP connection (not the same as the server) they were able to work nicely.
0
 
LVL 36

Expert Comment

by:grblades
ID: 11871304
What is your IP address?
Are you using a private addressing scheme?

Once we know this then we can diagnose the problem furthur.
0
 
LVL 2

Author Comment

by:b_loco
ID: 11871567
I'm not an expert in networking so I don't really follow your question...

I've got my local network address 192.168.something.something
And I've got an "outside" address 62.48.something.something;

The router handles local IP address distribution
0
 
LVL 36

Expert Comment

by:grblades
ID: 11871674
OK so if your router is not converting the ftp command as it passes through then it will be the cause of the problem.
What router do you have?
0
 
LVL 2

Author Comment

by:b_loco
ID: 11872139
Zixel prestige 600
0
 
LVL 36

Expert Comment

by:grblades
ID: 11873221
That make of router is quite good so it should work.

Can you turn on diagnostics on the ftp server so you can see all the commands and responses coming in. That would help greatly.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 2

Author Comment

by:b_loco
ID: 11893220
Connecting to www.mydomain.com on port 21. Attempt 1 of 3...

220 ProFTPD FTP Server ready.
USER myusername
331 Password required for myusername
PASS *********
230 User myusername logged in.
Server Type: UNIX (standard)
PWD
257 "/home/myusername" is current directory.
TYPE A
200 Type set to A.
PORT 192,168,0,5,6,254
200 PORT command successfull
LIST
425 Unable to build data connection: Network is unreachable
Unable to open data socket
CWD  /home/myusername/mainwebsite_html
250 CWD command successfull
PWD
257 "var/www/html" is current directory
PORT 192,168,0,5,6,255
200 PORT command successfull
LIST
425 Unable to build data connection: Network is unreachable
Unable to open data socket

... and so on

sorry about my late reply
0
 
LVL 2

Author Comment

by:b_loco
ID: 11893267
Increased points
0
 
LVL 36

Expert Comment

by:grblades
ID: 11893416
> PORT 192,168,0,5,6,254
This is the problem. The server is being told to connect back to 192.168.0.5 port 1790 (6*256+254) which is not a valid internet address.
Your Zixel router is not handling the ftp connections inteligently. Can you check the settings in the web interface for anything related to ftp.
0
 
LVL 2

Author Comment

by:b_loco
ID: 11893807
I'm sorry, I misunderstood your request.

What I posted was the log at the client

I'll try to get the server log
0
 
LVL 2

Author Comment

by:b_loco
ID: 11894190
Mon Aug  9 23:21:08 2004 0 81.193.###.### 0 /var/www/html/y/index.html a _ d r username ftp 1 * c
Mon Aug  9 23:21:08 2004 0 81.193.###.### 0 /var/www/html/y/level100_a.swf a _ d r username ftp 1 * c
Mon Aug  9 23:21:16 2004 0 81.193.###.### 835 /var/www/html/y/index.html a _ i r username ftp 1 * c
Mon Aug  9 23:21:23 2004 2 81.193.###.### 27903 /var/www/html/y/level100.swf b _ i r username ftp 1 * c

My provider gave me this logs, but I am not sure if they refer to my attempts. However, if they do, my ipaddress is "normal" and it resembles the one I have today (only last field changes)

Now I upload my files through a very user-unfriendly web interface and don't know if this refers to that activity (don't really know how to read them)
0
 
LVL 36

Expert Comment

by:grblades
ID: 11895917
Those logs are not really detailed enough as they only list the files transferred and the IP address which made the request. Full logging (often called debug logging) needs to be turned on so you can see every command and response given for all connections.
0
 
LVL 36

Expert Comment

by:grblades
ID: 12575801
The author did not respond with the additional logs requested so I could not diagnose furthur. I recomend delete/no refund.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Join & Write a Comment

Suggested Solutions

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now