Setting up your Router to Fix the "425 code"

Introduction

”Abstract”

Narrative

The Problem

Sample 425 error Log

According to your logs (Logs WILL vary so keep reading) you see:

1. (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> Connected, sending welcome message...
   • (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> TLS connection established
   • (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> HOST **********.mooo.com
   • (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> 500 Syntax error, command unrecognized.
2. (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> USER RCSTEST
   • (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> 331 Password required for rcstest
   • (000015)12/28/2013 20:43:55 PM - (not logged in) (72.174.118.74)> PASS *********
   • (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 230 Logged on
   • *Output Omitted*
3. (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> AUTH TLS
   • *Output Omitted*
4. (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> MKD Cobian Backup 11 test directory-2013-12-28 20;43;42
   • (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 257 "/Cobian Backup 11 test directory-2013-12-28 20;43;42" created successfully
   • (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> CWD Cobian Backup 11 test directory-2013-12-28 20;43;42
   • (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 250 CWD successful. "/Cobian Backup 11 test directory-2013-12-28 20;43;42" is current directory.
   • (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> PWD
   • (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 257 "/Cobian Backup 11 test directory-2013-12-28 20;43;42" is current directory.
   • *Output Omitted*
5. (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> PROT P
   • (000015)12/28/2013 20:43:55 PM - rcstest (72.174.118.74)> 200 Protection level set to P
   • (000015)12/28/2013 20:43:56 PM - rcstest (72.174.118.74)> PASV
   • (000015)12/28/2013 20:43:56 PM - rcstest (72.174.118.74)> 227 Entering Passive Mode (84,25,240,74,206,88)
   • (000015)12/28/2013 20:43:56 PM - rcstest (72.174.118.74)> STOR Test file.txt
6. (000015)12/28/2013 20:44:06 PM - rcstest (72.174.118.74)> 425 Can't open data connection for transfer of ""
7. (000015)12/28/2013 20:44:17 PM - rcstest (72.174.118.74)> QUIT
   • (000015)12/28/2013 20:44:17 PM - rcstest (72.174.118.74)> 221 Goodbye
   • (000015)12/28/2013 20:44:17 PM - rcstest (72.174.118.74)> disconnected.

So here's what's going on:

1. The FTP Client (Cobian Backup 11 in this case) is establishing a connection with the FZS using standard ports 21 (non-encrypted) or 990 (encrypted) depending on your setup.
2. The FTP Client is now providing the FZS with a username and password.
3. The Server and client now establish that TLS must be used for further communication.
4. The FTP Client is requesting that a folder be created. FZS creates the folder, etc. (boring stuff).
5. Now FZS and the FTP Client enter Passive Mode (code 227)
   • The FZS tells the FTP Client that the passive ports are located at "(84,25,240,74,206,88)."
   • Decoded this translates to IP address 84.25.240.74 (the first four set of numbers) port number 52824 (the last two sets of numbers equated as: 206*256=52736, and 52736+88=52824 #Mathisfun).
6. Here's where the 425 "error" is given
7. This last bit is what’s frustrating you, the connection is ending without any data being transferred…

Again, your output will vary in all aspects.

We Found the Problem, Now What?

The Fix: In the router you'll need to open these ports for the encrypted traffic. Now on to the exciting part if you have no idea how to do this! Look for your brand of router below, if it's not listed ask me to list it, and I'll do my best!

DynDNS Explained

• Note: You’ll want to pay close attention here.

So what about this whole “DYNDNS” thing? For those of you who don’t know what this is, it’s a service that you can set up to point internet traffic to your computer when your external IP address is “Dynamic” or changes from time to time—as is the case with most public IP Addresses given by your Internet Service Provider (ISP). The set-up of such service “can” be free with a little work, but this falls outside the scope of this article at this time, another article will explain this in the future.

External IP Address

Your external IP address is the address given to you by your ISP. It should not in any way resemble your server’s IP address, or the IP address of any computer on your network. For the purpose of this Wiki we will not address the Subnet Masks, as it’s not relevant to this topic.

Internal vs. External IP Address

The internal “Private” IP address of a Network “usually” starts with 192.168.X.X (where “X” can vary), and is assigned to your computer(s) so they can talk to the Internet via the external “Public” IP address. The external address can be anything in all reality, for this Wiki we’ll pretend the outside address is 84.25.240.74.

Device Specific Instructions

Please send a request for your device to be added if you don’t see it, and we’ll do our best to add it.

Apple Airport Extreme

1. Under the Network tab of the Airport Utility there’s a section titled "port settings."
2. Click the "+" button to add a setting, either select "FTP access" from the dropdown, or add it.
3. Under both "Private TCP ports" and "Public TCP Ports" put in 21 (standard FTP Port).
   • Note: You do NOT need to allow UDP ports as they are not used for FTP.
4. Under Private IP address type the IP address of the destination computer (FTP server).
   • Note: setting a static IP address on the FTP server is strongly suggested.
5. Repeat step 3 and allow port 990 (standard TLS port).
6. Repeat step 3 one last time and
   • Under the TCP ports fill in the range of the FZS passive ports: i.e. "60000-65000" just like that.
   • Use your FZS ports. No spaces, no other characters.
7. Apply the settings to the router, and allow it to reset.
8. Test the connection.