If you are building a file transfer solution with WinSCP/FileZilla, in couple of circumstances you might have such kind aforementioned error due to mis-configuration setting or an additional config is required.
Assuming you are using FileZilla as your FTP server and your server is located on DMZ with directly connected with public IP. Here is the diagram for your reference.
As depicted on above diagram, FTP is using two mechanism in order to transfer the file:
- Control port: which is by default 21, but in this case we are using port 2211 for security reason (you may choose whatever port that is unused outside common well known ports). This port is mainly used for controlling the communication (open/close) among client and server
- Transfer port: this port is used to transfer files among client-server. Usually dynamic ports.
Mostly we only know about the first port upon implementation. That’s the reason why you will find such kind of issue as i explained earlier. So, then what is the action need to be taken to resolve this unexpected situation?
- We need to define which ports will we use for transferring the files
- Open firewall as stated on point #1
Let’s go with implementation.
First, login to your FTP server and open FileZilla server. Go to edit -> settings.
Define which port that you will use as a control port. It is recommended if you can also define how many user is allowed to be connected in this FTP server. There is also an option for you in order to determine how many core of CPU involved in this configuration. If you are facing any performance issue, you may increase the value.
Here you can define range ports for transferring the files. It is wise to define range ports rather than using dynamic ports as from security point of view we know that this ports only will be used during the transfer session. I put a hundred port range 50000-50100 here. One more point in order to secure your connection it is better to inject the SSL commercial certificate and allow only the secure connections during the data transmission.
Also at the later stage the same should be either forwarded/open to FTP server, else you will find an error as subject. Don’t forget to put your public IP address / FQDN there.
In this scenario since I am not using any router in front of the FTP server, then what I’ll need to do just allow the connection for both ports into the OS firewall.
As displayed we’ve given the first port for controlling the communication. Let’s have a try to pull the files.
I am assuming you’ve already created an user and give path of file/folder under this setting.
FileZilla: I found this error: 425 Can’t open data connection for transfer of “/”
WinSCP: Can’t open data connection for transfer of “/”
Go back to firewall setting and allow the range port 50000-50100.
Then, retry and magically now you will have an access and able to get files from your FTP server.
This is the complete log from FTP server.
Hope this helps!