Causes of FTP 425 error?

imported_goku

Diamond Member
Mar 28, 2004
7,613
3
0
Some people who connect to my FTP server get this error while others don't. I can't figure it out, this happens to people even with out firewalls/routers.. It's not browser specific either because it can "not work" on IE and FF and work on IE and FF.
 

Smilin

Diamond Member
Mar 4, 2002
7,357
0
0
The most common issue is active/passive + NAT problem.

In a nutshell, most TCP connections are made TO a particular port and then back on an ephemeral port that's specified in the session setup.

Firewalls dig this. They can allow all outbound, and know when to let stuff back in cuz they saw the ephemeral port being specified when they first let stuff out.

FTP is different. A client uses a PORT or PASV command that tells the server of a new set of ports to use for the data transfer. This command is issued in the upper, application layers. A plain TCP/IP firewall can't see that happening. The server attempts to setup this basically new connection and an intervening firewall says, "Whoa, BS. I don't let this port in!"


One of the best explanations I've found is on ISAServer.org:
http://www.isaserver.org/articles/How_t...ocol_Challenges_Firewall_Security.html


Couple options for ya...
Passive FTP option in IE is under:
Internet options | advanced | Browsing category | Use Passive FTP

You can also ensure your FTP server is either on the edge of your network or behind a firewall that is application layer aware (ISA, Checkpoint)