RESOLVED - [FORTIGATE 60B] Filezilla Server - 425 can' t open data connection

Question

Hello !     So i'  want to configure a FTP server on my windows 2008R2.    The connection between the client and the FTP server is successful but the data cannot be retrieve.     In the passive mode settings, i use the port range : 50000 - 50100, but I don' t really know where and how to configure that in my Fortigate 60B.     Here is the log from filezilla :       (000953)2/10/2014 09:23:05 - admin (91.183.220.172)> 425 Can' t open data connection for transfer of " /"   (000953)2/10/2014 09:23:11 - admin (91.183.220.172)> disconnected.  (000954)2/10/2014 09:23:11 - (not logged in) (91.183.220.172)> Connected on port 2121, sending welcome message...  (000954)2/10/2014 09:23:11 - (not logged in) (91.183.220.172)> 220-FileZilla Server version 0.9.47 beta  (000954)2/10/2014 09:23:11 - (not logged in) (91.183.220.172)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)  (000954)2/10/2014 09:23:11 - (not logged in) (91.183.220.172)> 220 Please visit https://filezilla-project.org/  (000954)2/10/2014 09:23:11 - (not logged in) (91.183.220.172)> USER admin  (000954)2/10/2014 09:23:11 - (not logged in) (91.183.220.172)> 331 Password required for admin  (000954)2/10/2014 09:23:11 - (not logged in) (91.183.220.172)> PASS ******  (000954)2/10/2014 09:23:11 - admin (91.183.220.172)> 230 Logged on  (000954)2/10/2014 09:23:11 - admin (91.183.220.172)> PWD  (000954)2/10/2014 09:23:11 - admin (91.183.220.172)> 257 " /"  is current directory.  (000954)2/10/2014 09:23:11 - admin (91.183.220.172)> TYPE I  (000954)2/10/2014 09:23:11 - admin (91.183.220.172)> 200 Type set to I  (000954)2/10/2014 09:23:11 - admin (91.183.220.172)> PORT 192,168,8,172,194,206  (000954)2/10/2014 09:23:11 - admin (91.183.220.172)> 200 Port command successful  (000954)2/10/2014 09:23:11 - admin (91.183.220.172)> MLSD  (000954)2/10/2014 09:23:11 - admin (91.183.220.172)> 150 Opening data channel for directory listing of " /"   (000954)2/10/2014 09:23:21 - admin (91.183.220.172)> 425 Can' t open data connection for transfer of " /"       Does anyone know how to fix that ?

netmin · Answer

Hi Axel (and welcome),    2 potential issues:    you are using a custom FTP port (2121), which is potentially not seen by the FTP session helper, that can be configured in the CLI: config system session-helper    Your FTP client requested ACTIVE FTP, not passive FTP - maybe you can change this for a quick test to passive mode.    With Active FTP, the client offers via PORT command a high port (in your case 49870) the server may connect to from FTP server port-1, so normally port 20 (might be port 2120 in your case), if FZ server does the same.    Something like ... server:2120->client:49870 _or_ server:20->client:49870    Potentially, the client side blocks inbound access when using active FTP.    With passive FTP, the client requests via PASV command a high port from the server it can connect to.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded