Editing Setting up your Router to Fix the "425 code"
From FileZilla Wiki
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
==Introduction== | ==Introduction== | ||
− | This is a How-to guide on how to set up your router with FileZilla Server (FZS) in order to fix the error code 425. | + | This is a How-to guide on how to set up your router with FileZilla Server (FZS) in order to fix the error code 425. |
− | There is a Wiki on [https://wiki.filezilla-project.org/Network_Configuration Network Configuration] | + | There is a Wiki on [https://wiki.filezilla-project.org/Network_Configuration Network Configuration], however, it is written in such a way that the “layman” may have difficulty understanding what’s going on, and how to fix the 425 error code. |
+ | In addition, this Wiki will give instructions on how to set up your specific router. | ||
==”Abstract”== | ==”Abstract”== | ||
− | This Wiki will go over the common technical reason(s) for error 425 being given after the FZS sends the 227 Passive command to the FTP client—regardless of what client is being used. This Wiki is written for the common user in a narrative tone—if a more in-depth technical Wiki is desired refer to the [https://wiki.filezilla-project.org/ | + | This Wiki will go over the common technical reason(s) for error 425 being given after the FZS sends the 227 Passive command to the FTP client—regardless of what client is being used. This Wiki is written for the common user in a narrative tone—if a more in-depth technical Wiki is desired refer to the [https://wiki.filezilla-project.org/Network_Configurationlink Network Configuration] article. |
==Narrative== | ==Narrative== | ||
− | So, you've set up your FZS and it works for a local connection in your home, BUT you want to make your Local FTP Server accessible when you’re away—and you want to use | + | So, you've set up your FZS and it works for a local connection in your home, BUT you want to make your Local FTP Server accessible when you’re away—and you want to use SSH to do so. You set up a Dynamic DNS (DynDNS) service to point to your FZS via your external IP address (don’t worry I’ll explain later in the Wiki). You’ve followed a how-to on setting up FZS to use SSH, but you've run into an issue—and after looking at the FZS Log you see the problem—right after the "227 Passive command" is given and acknowledged you see a 425 error. But even after summoning a Warlock, a Witch, and a Unicorn—you can’t fix it and wind up here reading this Wiki. |
==The Problem== | ==The Problem== | ||
− | More than likely the problem is that your FZS is requesting the FTP Client to use the Passive Ports defined in the FZS settings. And even though you’ve changed the settings in your [https://wiki.filezilla-project.org/Network_Configuration#Setting_up_FileZilla_Server_with_Windows_Firewall Windows 7 or 8 Firewall] you still can’t get your FTP Client to connect. | + | More than likely the problem is that your FZS is requesting the FTP Client to use the Passive Ports defined in the FZS settings. And even though you’ve changed the settings in your [https://wiki.filezilla-project.org/Network_Configuration#Setting_up_FileZilla_Server_with_Windows_Firewall Windows 7 or 8 Firewall] you still can’t get your FTP Client to connect. The FZS uses “FTPS” to transfer data, and in the router you’ll need to open up the Transfer Control Protocol (TCP) ports, and point them to your FZS PC. |
− | + | ||
+ | At this point you can think whatever you want, like "well when I shut off the SSH portion of the service it works," or "why not change the settings from FTPS to SFTP?" or whatever else you might come up with, the fact still remains that you chose FZS, and after all the work you’ve done so far, why give up now? | ||
===Why the Router?=== | ===Why the Router?=== | ||
− | + | The Router is an important part in your Network security. Some say it’s the first line of defence against hacking and the last line of defence against Trojans/Viruses leaving with your private data. The issue at hand is that some routers "need" to "see" the FTP activity to allow it to access the passive ports that your FZS gave the FTP client to use, and if the data is encrypted using SSH (like we want here) then the router blocks the encrypted traffic because it can't "see" that the TCP ports are not malicious—but being requested by the server (what a mouthful!). | |
− | |||
− | The Router is an important part in your Network security. Some say it’s the first line of defence against hacking and the last line of defence against Trojans/Viruses leaving with your private | ||
− | |||
− | The | ||
− | |||
− | + | ==Sample Log== | |
− | + | According to your logs (and all these numbers WILL vary so keep reading) you see: | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | According to your logs ( | ||
# (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> Connected, sending welcome message... | # (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> Connected, sending welcome message... | ||
− | #* (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> | + | #* (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> SSL connection established |
#* (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> HOST **********.mooo.com | #* (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> HOST **********.mooo.com | ||
#* (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> 500 Syntax error, command unrecognized. | #* (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> 500 Syntax error, command unrecognized. | ||
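Review bot: The restored Narrative and "Why the Router?" text names the wrong protocol: "you want to use SSH to do so" and "if the data is encrypted using SSH" describe a setup that the same revision calls FTPS ("The FZS uses “FTPS” to transfer data") and whose log shows "SSL connection established". FTPS is FTP over TLS and is unrelated to SSH, so these passages should say TLS/FTPS throughout; the router explanation then holds as written, since an encrypted control channel is what stops the router from reading the 227 reply. Two smaller points: the Abstract link target "Network_Configurationlink" is not a valid page name (drop the trailing "link"), and the sample log publishes what looks like a real client address and account name, which would be better replaced with a documentation address such as 203.0.113.10 and a placeholder user.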
Line 44: | Line 35: | ||
#* (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> PASS ********* | #* (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> PASS ********* | ||
#* (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 230 Logged on | #* (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 230 Logged on | ||
− | + | **Output Omitted** | |
− | # (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> AUTH TLS | + | # (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> AUTH SSL |
− | + | #* (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> AUTH TLS | |
+ | **Output Omitted** | ||
# (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> MKD Cobian Backup 11 test directory-2013-12-28 20;43;42 | # (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> MKD Cobian Backup 11 test directory-2013-12-28 20;43;42 | ||
#* (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 257 "/Cobian Backup 11 test directory-2013-12-28 20;43;42" created successfully | #* (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 257 "/Cobian Backup 11 test directory-2013-12-28 20;43;42" created successfully | ||
#* (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> CWD Cobian Backup 11 test directory-2013-12-28 20;43;42 | #* (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> CWD Cobian Backup 11 test directory-2013-12-28 20;43;42 | ||
#* (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 250 CWD successful. "/Cobian Backup 11 test directory-2013-12-28 20;43;42" is current directory. | #* (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 250 CWD successful. "/Cobian Backup 11 test directory-2013-12-28 20;43;42" is current directory. | ||
− | + | (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> PWD | |
− | + | (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 257 "/Cobian Backup 11 test directory-2013-12-28 20;43;42" is current directory. | |
− | + | **Output Omitted**<p> | |
+ | ===Passive Mode Log=== | ||
# (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> PROT P | # (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> PROT P | ||
#* (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 200 Protection level set to P | #* (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 200 Protection level set to P | ||
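Review bot: At "AUTH SSL" / "AUTH TLS" the restored text nests one client command under the other as if it were the server's reply, and neither line shows a response code; show each command with its reply, or mark the reply as omitted. The two PWD lines also lose their "#" / "#*" list prefixes, so they will render outside the numbered log, and "**Output Omitted**<p>" leaves an unclosed HTML tag in the wikitext; a plain-text omission marker carrying the same list prefix would be cleaner.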
Line 64: | Line 57: | ||
#* (000015)12/28/2013 20:44:17 PM - rcstest (72.174.118.74)> disconnected. | #* (000015)12/28/2013 20:44:17 PM - rcstest (72.174.118.74)> disconnected. | ||
− | So here's what's going on: | + | So here's what's going on: The FTP server is telling the FTP client that the passive ports are located at "(84,25,240,74,206,88)" meaning IP address 84.25.240.74 (the first four set of numbers) port number 52824 ( ast two sets of numbers equated as: 206*256=52736+88=52824 ##Math##). The problem is that you forgot to tell your router about data that will be coming in so secret, that you don't even want your router know what it is. |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | ==YAY! We found the problem! Now what?<p/>== | |
− | + | The Fix: In the router you'll need to open these ports for SSH traffic. SFTP and FTPS are two separate protocols, and need to be understood as such. Simply stated, one protocol allows the router to "see" that the encrypted traffic is allowed, the other doesn't. | |
− | + | Now on to the exciting part if you have no idea how to do this! Look for your brand of router below, if it's not listed ask me to list it, and I'll do my best! I am CCNA certified, and can give you direction on the commands needed for CLI (if you don't know what this means, then don't mess with it). | |
− | Now on to the exciting part if you have no idea how to do this! | ||
− | ==DynDNS Explained== | + | ===DynDNS Explained=== |
*Note: You’ll want to pay close attention here. | *Note: You’ll want to pay close attention here. | ||
− | So what about this whole “DYNDNS” thing? For those of you who don’t know what this is, it’s a service that you can set up to point internet traffic to your computer when your external IP address is “Dynamic” or changes from time to time—as is the case with most public IP Addresses given by | + | So what about this whole “DYNDNS” thing? For those of you who don’t know what this is, it’s a service that you can set up to point internet traffic to your computer when your external IP address is “Dynamic” or changes from time to time—as is the case with most public IP Addresses given by you Internet Service Provider (ISP). The set-up of such service “can” be free with a little work, but this falls outside the scope of this article at this time, another article will explain this in the future. |
===External IP Address=== | ===External IP Address=== | ||
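Review bot: "In the router you'll need to open these ports for SSH traffic" is wrong for this setup and will send readers looking for an SSH setting; what needs forwarding is the TCP passive port range configured in FZS. The next sentence should state the actual difference between the two protocols: SFTP runs inside a single SSH connection with no separate data ports, while FTPS encrypts the control channel so the router cannot read the port announced in the 227 reply. In the explanation above it the arithmetic 206*256+88 = 52824 is correct, but "( ast two sets" is missing a letter and "##Math##" is a leftover placeholder; the heading "==YAY! We found the problem! Now what?<p/>==" carries a stray tag, and "given by you Internet Service Provider" should read "your". Demoting "DynDNS Explained" to a level-3 heading also files it under the "Now what?" section, where it does not belong.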
Line 93: | Line 76: | ||
For the purpose of this Wiki we will not address the Subnet Masks, as it’s not relevant to this topic. | For the purpose of this Wiki we will not address the Subnet Masks, as it’s not relevant to this topic. | ||
− | ===Internal vs. External IP Address=== | + | ====Internal vs. External IP Address==== |
The internal “Private” IP address of a Network “usually” starts with 192.168.X.X (where “X” can vary), and is assigned to your computer(s) so they can talk to the Internet via the external “Public” IP address. The external address can be anything in all reality, for this Wiki we’ll pretend the outside address is 84.25.240.74. | The internal “Private” IP address of a Network “usually” starts with 192.168.X.X (where “X” can vary), and is assigned to your computer(s) so they can talk to the Internet via the external “Public” IP address. The external address can be anything in all reality, for this Wiki we’ll pretend the outside address is 84.25.240.74. | ||
+ | |||
==Device Specific Instructions== | ==Device Specific Instructions== | ||
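Review bot: Changing "Internal vs. External IP Address" to a level-4 heading nests it under the preceding subsection; if that is not intended, keep "===". Since this paragraph is in scope, the example public address 84.25.240.74 is a routable address that may belong to someone; an address from a documentation range such as 203.0.113.0/24 is the safer choice wherever the example appears.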
Line 107: | Line 91: | ||
# Under Private IP address type the IP address of the destination computer (FTP server). | # Under Private IP address type the IP address of the destination computer (FTP server). | ||
#* Note: setting a static IP address on the FTP server is strongly suggested. | #* Note: setting a static IP address on the FTP server is strongly suggested. | ||
− | # Repeat step 3 and allow port 990 (standard | + | # Repeat step 3 and allow port 990 (standard SSH port). |
# Repeat step 3 one last time and | # Repeat step 3 one last time and | ||
#* Under the TCP ports fill in the range of the FZS passive ports: i.e. "60000-65000" just like that. | #* Under the TCP ports fill in the range of the FZS passive ports: i.e. "60000-65000" just like that. | ||
#* Use your FZS ports. No spaces, no other characters. | #* Use your FZS ports. No spaces, no other characters. | ||
# Apply the settings to the router, and allow it to reset. | # Apply the settings to the router, and allow it to reset. | ||
− | # Test the connection. | + | # Test the connection again and report findings. |
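Review bot: The line "allow port 990 (standard SSH port)" mislabels the port: 990 is the registered port for implicit FTP over TLS and SSH uses 22, so a reader following the label may forward the wrong service. Suggest "allow port 990 (implicit FTPS control port)". The passive range example "60000-65000" forwards about five thousand ports to one host; recommend configuring a small range in FZS and forwarding exactly that range, TCP only. "Test the connection again and report findings" does not say where to report, and "Repeat step 3 one last time and" ends mid-sentence.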