Mc2102
asked on
"425 Cannot open data connection."
Hello,
I have a little strange issue. At least I believe it is strange. I run Gene6 FTP server on Windows Server 2003.
The FTP server is running behind a firewall which does NAT the public IP of the server to its private IP. If a user connects from the outside world to the FTP server using an FTP client like CuteFTP then everything works just fine.
But if a client uses for example the Windows XP ftp command then he\she is able to connect and authenticate but as soon as he\she runs the ls command for example then he\she sees the following error message:
"425 Cannot open data connection."
Please see output below:
==========================
U:\>ftp ftp.domain.com
Connected to ftp.domain.com.
220 FTP Server ready...
User (ftp.customcall.com:(none)): user1
331 Password required for user1.
Password:
230 User user1logged in.
ftp> quote pasv
227 Entering Passive Mode (172,24,23,85,255,255)
ftp> ls
200 Port command successful.
425 Cannot open data connection.
ftp>
==========================
I had a look into the firewall logs and the FTP server is actually trying to connect on port 4015 and above back to the client. The port number is changing dynamically.
I have configured the server to allow PASSIVE mode only connections and the port the FTP server should pass back to the client is 65535. Not 4000.
And again - with an FTP client the issue does not exist. I have to admit that I am not sure what the right approach is to fix that issue because the FTP server in my opinion should not try to connect on port 4000+ to the client. That is why I configured a dedicated port for the PASSIVE mode.
If possible I would like to fix the problem without opening the firewall rules for the FTP server.
Thank you
Marcus
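Added example, not part of the original post and not code from Gene6 or Microsoft: a small Python check that decodes the 227 reply from the transcript above and reports which data-connection mode the session actually requested. The function names and the embedded sample (server replies copied from the question's transcript) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: server replies copied from the transcript in the question.
SESSION = """\
227 Entering Passive Mode (172,24,23,85,255,255)
200 Port command successful.
425 Cannot open data connection.
"""

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", re.M)


def decode_pasv(text):
    """Decode a 227 reply (h1,h2,h3,h4,p1,p2) into (ip, port); None if absent."""
    m = PASV_RE.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in 227 reply")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def review_session(text):
    """Return findings about the data-connection setup seen in the replies."""
    findings = []
    pasv = decode_pasv(text)
    if pasv:
        ip, port = pasv
        findings.append(f"PASV endpoint offered: {ip}:{port}")
        if ip.is_private:
            findings.append("227 reply carries a private address; a client "
                            "outside the NAT cannot use it unless it is rewritten")
    # "200 Port command successful" is the server's answer to a PORT command,
    # so the client asked for an active-mode transfer.
    if re.search(r"^200 .*port command", text, re.I | re.M):
        findings.append("client sent PORT: server must connect out to the client")
    if re.search(r"^425 ", text, re.M):
        findings.append("425: data connection could not be opened")
    return findings


if __name__ == "__main__":
    for line in review_session(SESSION):
        print("-", line)
```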
ASKER
Thanks for all the good and useful info.
ASKER
Does anybody know anything about that?