Editing Setting up your Router to Fix the "425 code"

From FileZilla Wiki
Jump to navigationJump to search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 5: Line 5:
 
==”Abstract”==
 
==”Abstract”==
  
This Wiki will go over the common technical reason(s) for error 425 being given after the FZS sends the 227 Passive command to the FTP client—regardless of what client is being used.  This Wiki is written for the common user in a narrative tone—if a more in-depth technical Wiki is desired refer to the [https://wiki.filezilla-project.org/Network_Configuration Network Configuration] article.
+
This Wiki will go over the common technical reason(s) for error 425 being given after the FZS sends the 227 Passive command to the FTP client—regardless of what client is being used.  This Wiki is written for the common user in a narrative tone—if a more in-depth technical Wiki is desired refer to the [https://wiki.filezilla-project.org/Network_Configurationlink Network Configuration] article.
  
 
==Narrative==
 
==Narrative==
  
So, you've set up your FZS and it works for a local connection in your home, BUT you want to make your Local FTP Server accessible when you’re away—and you want to use encryption (FTP over TLS) to do so.  You set up a Dynamic DNS (DynDNS) service to point to your FZS via your external IP address (don’t worry I’ll explain later in the Wiki).  You’ve followed a how-to on setting up FZS to use TLS, but you've run into an issue—and after looking at the FZS Log you see the problem—right after the "227 Passive command" is given and acknowledged you see a 425 error.  But even after summoning a Warlock, a Witch, and a Unicorn—you can’t fix it and wind up here reading this Wiki.
+
So, you've set up your FZS and it works for a local connection in your home, BUT you want to make your Local FTP Server accessible when you’re away—and you want to use encryption (SSL/TLS) to do so.  You set up a Dynamic DNS (DynDNS) service to point to your FZS via your external IP address (don’t worry I’ll explain later in the Wiki).  You’ve followed a how-to on setting up FZS to use SSL/TLS, but you've run into an issue—and after looking at the FZS Log you see the problem—right after the "227 Passive command" is given and acknowledged you see a 425 error.  But even after summoning a Warlock, a Witch, and a Unicorn—you can’t fix it and wind up here reading this Wiki.
  
 
==The Problem==
 
==The Problem==
Line 18: Line 18:
 
===Why the Router?===
 
===Why the Router?===
  
OK, so I know that this Wiki isn’t supposed to get too technical, but some of you might be curious as to how the router works, and why it’s doing what it is.
+
OK, so I know that this Wiki isn’t supposed to get to technical, but some of you might be curious as to how the router works, and why it’s doing what it is.
  
 
The Router is an important part in your Network security.  Some say it’s the first line of defence against hacking and the last line of defence against Trojans/Viruses leaving with your private data—others say it’s a magic box connecting you to the world using sorcery—all of these are true.
 
The Router is an important part in your Network security.  Some say it’s the first line of defence against hacking and the last line of defence against Trojans/Viruses leaving with your private data—others say it’s a magic box connecting you to the world using sorcery—all of these are true.
Line 24: Line 24:
 
The router takes one IP address and allows many devices to connect to the Internet using a complex protocol called [http://en.wikipedia.org/wiki/Network_address_translation Network Address Translation (NAT)].  Each time a computer requests information, such as going to “Google,” it puts it in a “packet” (think of an envelope) that the router opens, looks for an address, and then sends it to the Google web page, and in turn the Google web page sends a packet back with the information that opens up in your browser—only first the Router again opens the return packet to make sure that someone inside your private network requested it, and then sends it to the appropriate computer.  
 
The router takes one IP address and allows many devices to connect to the Internet using a complex protocol called [http://en.wikipedia.org/wiki/Network_address_translation Network Address Translation (NAT)].  Each time a computer requests information, such as going to “Google,” it puts it in a “packet” (think of an envelope) that the router opens, looks for an address, and then sends it to the Google web page, and in turn the Google web page sends a packet back with the information that opens up in your browser—only first the Router again opens the return packet to make sure that someone inside your private network requested it, and then sends it to the appropriate computer.  
  
What if a packet comes in that no one requested?  The Router puts it in the “trash”—in technical terms, the Router “drops” the packet.  This keeps bad stuff out, and allows only what you’ve asked for to come in.
+
What if a packet comes in that no one requested?  The Router puts it in the “trash”—in technical terms, the Router “drops” the packet.  This keeps bad stuff in, and allows only what you’ve asked for to come in.
  
 
So what does this mean for this application?  As stated above FZS uses an encrypted protocol to receive data.  The Router can’t see that the encrypted data “packets” are “OK” to let in on the ports they are coming in on, and thus thinks that a hacker is trying to break in because those ports are closed.
 
So what does this mean for this application?  As stated above FZS uses an encrypted protocol to receive data.  The Router can’t see that the encrypted data “packets” are “OK” to let in on the ports they are coming in on, and thus thinks that a hacker is trying to break in because those ports are closed.
  
At this point you can think whatever you want, like "well when I shut off the TLS portion of the service it works, so why don’t we change the type of encryption?" or whatever else you might come up with—but after all the work you’ve done so far, why give up now when there’s an easy fix?  And there’s the pesky fact that you can’t change the type of encryption that FZS uses (what a drag…).
+
At this point you can think whatever you want, like "well when I shut off the SSL/TLS portion of the service it works, so why don’t we change the type of encryption?" or whatever else you might come up with—but after all the work you’ve done so far, why give up now when there’s an easy fix?  And there’s the pesky fact that you can’t change the type of encryption that FZS uses (what a drag…).
  
 
“So how do we know it’s the router?” You might ask.  Take a look at the following Log, and the explanation below it.
 
“So how do we know it’s the router?” You might ask.  Take a look at the following Log, and the explanation below it.
Line 37: Line 37:
  
 
# (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> Connected, sending welcome message...
 
# (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> Connected, sending welcome message...
#* (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> TLS connection established
+
#* (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> SSL connection established
 
#* (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> HOST **********.mooo.com
 
#* (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> HOST **********.mooo.com
 
#* (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> 500 Syntax error, command unrecognized.
 
#* (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> 500 Syntax error, command unrecognized.
Line 45: Line 45:
 
#* (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 230 Logged on
 
#* (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 230 Logged on
 
#* *Output Omitted*
 
#* *Output Omitted*
# (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)>  AUTH TLS
+
# (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)>  AUTH SSL
 +
#* (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)>  AUTH TLS
 
#* *Output Omitted*
 
#* *Output Omitted*
 
# (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> MKD Cobian Backup 11 test directory-2013-12-28 20;43;42
 
# (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> MKD Cobian Backup 11 test directory-2013-12-28 20;43;42
Line 67: Line 68:
 
# The FTP Client (Cobian Backup 11 in this case) is establishing a connection with the FZS using standard ports 21 (non-encrypted) or 990 (encrypted) depending on your setup.
 
# The FTP Client (Cobian Backup 11 in this case) is establishing a connection with the FZS using standard ports 21 (non-encrypted) or 990 (encrypted) depending on your setup.
 
# The FTP Client is now providing the FZS with a username and password.
 
# The FTP Client is now providing the FZS with a username and password.
# The Server and client now establish that TLS must be used for further communication.
+
# The Server and client now establish that SSL must be used for further communication.
 
# The FTP Client is requesting that a folder be created.  FZS creates the folder, etc. (boring stuff).
 
# The FTP Client is requesting that a folder be created.  FZS creates the folder, etc. (boring stuff).
 
# Now FZS and the FTP Client enter Passive Mode (code 227)
 
# Now FZS and the FTP Client enter Passive Mode (code 227)
 
#* The FZS tells the FTP Client that the passive ports are located at "(84,25,240,74,206,88)."  
 
#* The FZS tells the FTP Client that the passive ports are located at "(84,25,240,74,206,88)."  
#* Decoded this translates to IP address 84.25.240.74 (the first four set of numbers) port number 52824 (the last two sets of numbers equated as: 206*256=52736, and 52736+88=52824 #Mathisfun).
+
#* Decoded this translates to IP address 84.25.240.74 (the first four set of numbers) port number 52824 (the last two sets of numbers equated as: 206*256=52736+88=52824 #Mathisfun).
 
# Here's where the 425 "error" is given
 
# Here's where the 425 "error" is given
 
# This last bit is what’s frustrating you, the connection is ending without any data being transferred…
 
# This last bit is what’s frustrating you, the connection is ending without any data being transferred…
Line 86: Line 87:
 
*Note: You’ll want to pay close attention here.
 
*Note: You’ll want to pay close attention here.
  
So what about this whole “DYNDNS” thing? For those of you who don’t know what this is, it’s a service that you can set up to point internet traffic to your computer when your external IP address is “Dynamic” or changes from time to time—as is the case with most public IP Addresses given by your Internet Service Provider (ISP).  The set-up of such service “can” be free with a little work, but this falls outside the scope of this article at this time, another article will explain this in the future.
+
So what about this whole “DYNDNS” thing? For those of you who don’t know what this is, it’s a service that you can set up to point internet traffic to your computer when your external IP address is “Dynamic” or changes from time to time—as is the case with most public IP Addresses given by you Internet Service Provider (ISP).  The set-up of such service “can” be free with a little work, but this falls outside the scope of this article at this time, another article will explain this in the future.
  
 
===External IP Address===
 
===External IP Address===
Line 96: Line 97:
  
 
The internal “Private” IP address of a Network “usually” starts with 192.168.X.X (where “X” can vary), and is assigned to your computer(s) so they can talk to the Internet via the external “Public” IP address.  The external address can be anything in all reality, for this Wiki we’ll pretend the outside address is 84.25.240.74.
 
The internal “Private” IP address of a Network “usually” starts with 192.168.X.X (where “X” can vary), and is assigned to your computer(s) so they can talk to the Internet via the external “Public” IP address.  The external address can be anything in all reality, for this Wiki we’ll pretend the outside address is 84.25.240.74.
 +
  
 
==Device Specific Instructions==
 
==Device Specific Instructions==
Line 107: Line 109:
 
# Under Private IP address type the IP address of the destination computer (FTP server).
 
# Under Private IP address type the IP address of the destination computer (FTP server).
 
#* Note: setting a static IP address on the FTP server is strongly suggested.
 
#* Note: setting a static IP address on the FTP server is strongly suggested.
# Repeat step 3 and allow port 990 (standard TLS port).   
+
# Repeat step 3 and allow port 990 (standard SSL port).   
 
# Repeat step 3 one last time and  
 
# Repeat step 3 one last time and  
 
#* Under the TCP ports fill in the range of the FZS passive ports: i.e. "60000-65000" just like that.
 
#* Under the TCP ports fill in the range of the FZS passive ports: i.e. "60000-65000" just like that.

Please note that all contributions to FileZilla Wiki are considered to be released under the GNU Free Documentation License 1.2 (see FileZilla Wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

Cancel Editing help (opens in new window)
Retrieved from "https://wiki.filezilla-project.org/Setting_up_your_Router_to_Fix_the_%22425_code%22"