WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!
Solved
Filezilla server started to give 425 error on EPSV connections
Posted on 2013-06-19
Hi,
We've had Filezilla FTP server running on our server for years now without any problems.
We recently moved from a self hosted environment to a virtual one and P2V'd our FTP server.
Ever since then one customer can't FTP files to us.
They have a program that collates xml files, zips them and sends them to us.
I've noticed in the log file that they are issuing an EPSV command (twice) then an EPRT (which I thought we should be ignoring?)
They then get as far as trying to open the data channel and it fails with a 425 error.
I've asked the company hosting the servers to investigate their firewall and they can't see anything that could be causing this.
They have also opened all ports from the customers IP to this server and the transfer still fails.
Can anyone offer any thoughts? All other FTP connections work fine.
(003548) 19/06/2013 09:53:54 - (not logged in) (195.69.xxx.xx)> Connected, sending welcome message...
(003548) 19/06/2013 09:53:54 - (not logged in) (195.69.xxx.xx)> 220-FileZilla Server version 0.9.23 beta
(003548) 19/06/2013 09:53:54 - (not logged in) (195.69.xxx.xx)> 220 Welcome to our FTP Server
(003548) 19/06/2013 09:53:54 - (not logged in) (195.69.xxx.xx)> USER xxxx
(003548) 19/06/2013 09:53:54 - (not logged in) (195.69.xxx.xx)> 331 Password required for xxxx
(003548) 19/06/2013 09:53:54 - (not logged in) (195.69.xxx.xx)> PASS xxxx
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> 230 Logged on
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> CWD ToCompanyName
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> 250 CWD successful. "/ToCompanyName" is current directory.
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> TYPE I
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> 200 Type set to I
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> EPSV ALL
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> 229 Entering Extended Passive Mode (|||1816|)
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> EPSV
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> 229 Entering Extended Passive Mode (|||1817|)
(003548) 19/06/2013 09:54:16 - ftpusername (195.69.xxx.xx)> EPRT |1|195.69.xxx.xx|2765|
(003548) 19/06/2013 09:54:16 - ftpusername (195.69.xxx.xx)> 200 Port command successful
(003548) 19/06/2013 09:54:16 - ftpusername (195.69.xxx.xx)> STOR LAAD3_alice.willoughby_201
(003548) 19/06/2013 09:54:16 - ftpusername (195.69.xxx.xx)> 150 Opening data channel for file transfer.
(003548) 19/06/2013 09:54:26 - ftpusername (195.69.xxx.xx)> 425 Can't open data connection.
(003548) 19/06/2013 10:04:26 - ftpusername (195.69.xxx.xx)> 421 Connection timed out.
(003548) 19/06/2013 10:04:26 - ftpusername (195.69.xxx.xx)> disconnected.
We've had Filezilla FTP server running on our server for years now without any problems.
We recently moved from a self hosted environment to a virtual one and P2V'd our FTP server.
Ever since then one customer can't FTP files to us.
They have a program that collates xml files, zips them and sends them to us.
I've noticed in the log file that they are issuing an EPSV command (twice) then an EPRT (which I thought we should be ignoring?)
They then get as far as trying to open the data channel and it fails with a 425 error.
I've asked the company hosting the servers to investigate their firewall and they can't see anything that could be causing this.
They have also opened all ports from the customers IP to this server and the transfer still fails.
Can anyone offer any thoughts? All other FTP connections work fine.
(003548) 19/06/2013 09:53:54 - (not logged in) (195.69.xxx.xx)> Connected, sending welcome message...
(003548) 19/06/2013 09:53:54 - (not logged in) (195.69.xxx.xx)> 220-FileZilla Server version 0.9.23 beta
(003548) 19/06/2013 09:53:54 - (not logged in) (195.69.xxx.xx)> 220 Welcome to our FTP Server
(003548) 19/06/2013 09:53:54 - (not logged in) (195.69.xxx.xx)> USER xxxx
(003548) 19/06/2013 09:53:54 - (not logged in) (195.69.xxx.xx)> 331 Password required for xxxx
(003548) 19/06/2013 09:53:54 - (not logged in) (195.69.xxx.xx)> PASS xxxx
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> 230 Logged on
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> CWD ToCompanyName
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> 250 CWD successful. "/ToCompanyName" is current directory.
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> TYPE I
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> 200 Type set to I
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> EPSV ALL
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> 229 Entering Extended Passive Mode (|||1816|)
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> EPSV
(003548) 19/06/2013 09:53:54 - ftpusername (195.69.xxx.xx)> 229 Entering Extended Passive Mode (|||1817|)
(003548) 19/06/2013 09:54:16 - ftpusername (195.69.xxx.xx)> EPRT |1|195.69.xxx.xx|2765|
(003548) 19/06/2013 09:54:16 - ftpusername (195.69.xxx.xx)> 200 Port command successful
(003548) 19/06/2013 09:54:16 - ftpusername (195.69.xxx.xx)> STOR LAAD3_alice.willoughby_201
(003548) 19/06/2013 09:54:16 - ftpusername (195.69.xxx.xx)> 150 Opening data channel for file transfer.
(003548) 19/06/2013 09:54:26 - ftpusername (195.69.xxx.xx)> 425 Can't open data connection.
(003548) 19/06/2013 10:04:26 - ftpusername (195.69.xxx.xx)> 421 Connection timed out.
(003548) 19/06/2013 10:04:26 - ftpusername (195.69.xxx.xx)> disconnected.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
4 Comments
Are you using active or passive mode?
Filezilla uses passive mode by default, but for some environments active mode is required (Was there some changes made in your environment?).
Switch to active mode to test this possibility if you are in passive:
In FileZilla, click on Edit | Settings.
Under Connection, click on FTP and choose Active as the Transfer Mode.
Under Connection, under FTP, click on Active mode and choose “Ask your operating system for the external IP address” (the default setting).
Under Connection, under FTP, click on Passive mode and choose “Fall back to active mode” (this is an optional setting).
Filezilla uses passive mode by default, but for some environments active mode is required (Was there some changes made in your environment?).
Switch to active mode to test this possibility if you are in passive:
In FileZilla, click on Edit | Settings.
Under Connection, click on FTP and choose Active as the Transfer Mode.
Under Connection, under FTP, click on Active mode and choose “Ask your operating system for the external IP address” (the default setting).
Under Connection, under FTP, click on Passive mode and choose “Fall back to active mode” (this is an optional setting).
This should be easy enough to debug... Just make yourself a test login account and try to connect using EPSV (extended passive mode) for the data channel.. If you get the same behavior then the issue is with the virtual host. If it works for you then the problem is mostly likely the other client's firewall.
Another thing you could do is look in the logs and see if anyone else is using EPSV or if your other clients are all using PASV (tradition passive mode) and PORT (active mode) for their data channels.
Another thing you could do is look in the logs and see if anyone else is using EPSV or if your other clients are all using PASV (tradition passive mode) and PORT (active mode) for their data channels.
We've got no further with this but going to close the question and split the points between you as I appreciate your help and input.
Thanks.
Thanks.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Introduction
This article explores the design of a cache system that can improve the performance of a web site or web application. The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
- Superb Internet
- Hardware Firewalls
- Security
- Server Hardware
- Server Software
- *firewall management, *firewalls
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers.
Hopes this gives you ideas on visualizing your data in new ways ~
Create a calculated field in a query:
…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data.
But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses
Course of the Month9 days, 5 hours left to enroll
721 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.