LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   vsftpd: error 425 Failed to establish connection. (https://www.linuxquestions.org/questions/linux-server-73/vsftpd-error-425-failed-to-establish-connection-4175578010/)

dirkjo 04-21-2016 05:35 AM
vsftpd: error 425 Failed to establish connection.
 
Hi,

I'm running vsftpd on an OpenSuse 13.1 This server is behind a router which forwards external port 30021 to internal port 21. I want to download a file "test" from this server via browser.

When entering ftp://<internal IP>/test it works fine, when entering ftp://<external IP>:30021/test it doesn't work and I'm getting the error "425 Failed to establish connection".

vsftpd config:

userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
dirmessage_enable=YES
nopriv_user=ftpsecure
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
allow_writeable_chroot=YES
anonymous_enable=YES
anon_world_readable_only=YES
syslog_enable=NO
connect_from_port_20=YES
ascii_upload_enable=YES
pam_service_name=vsftpd
listen=YES
ssl_enable=NO
pasv_min_port=30000
pasv_max_port=30100
pasv_address=xxx.xxx.xxx.xxx
anon_mkdir_write_enable=NO
anon_root=/srv/ftp
anon_upload_enable=NO
ftpd_banner=Welcome message
idle_session_timeout=900
log_ftp_protocol=NO
max_clients=10
max_per_ip=3
pasv_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES

Any ideas what to change?
Thanks in advance

tshikose 04-21-2016 09:03 AM
Hi,

I think the problem is related to the fact that the FTP protocol uses two connections: one for the commands (21) and another for the data.
It also depend if you are using active or passive FTP. While vsftpd support both, generally FTP clients initiate passive sessions.

That said, firewalls generally do not support FTP correctly.
Sometimes they just do not allow the active connection from port 20 to go out or to get responses, or they are unable to open and allow through the random port used with passive connections.
If your router is on Linux and it has decent (recent) kernel, then have look at iptables modules, as there are some that work well for passive FTP.

dirkjo 04-21-2016 10:04 AM
Hi,

thanks for your answer.

The router is a TP-Link TL6020 and has only a web-interface. I have no Linux access on it.

Using WinSCP (FTP) I tried both active and passive mode. Both gives the same result: 425 ...

tshikose 04-21-2016 10:32 AM
Hi,

I am afraid that you do not have an adequate firewall in order to enable FTP through port forwarding.


All times are GMT -5. The time now is 02:37 AM.