FTP Server "425 Can't open data connection" with Tomato installed

Discussion in 'Tomato Firmware' started by scottfrans, May 5, 2007.

  1. scottfrans

    scottfrans LI Guru Member

    Since I've upgraded my WRT54GL (v1.1) to Tomato firmware (v1.06), clients have been unable to get a directory listing from the FTP Server on my WinXP Pro computer. They can connect, but get a "425 can't open data connection" error. I never encountered this problem before upgrading to the WRT54GL and Tomato.

    I've messed around with every setting I can think of, but still can't find a remedy. I've also tried multiple FTP Server programs to no avail. Any suggestions?

    Router settings:

    FTP Server settings:
  2. scottfrans

    scottfrans LI Guru Member

    no one else experienced this problem? :(
  3. bogderpirat

    bogderpirat Network Guru Member

    i'm using exactly the same setup (ports are different, rest is the same) and it's working. what does the filezilla server log say when someone attempts a transfer?
  4. roadkill

    roadkill Super Moderator Staff Member Member

    do you classify the ftp server qos with L7 filters?
  5. bogderpirat

    bogderpirat Network Guru Member

    yeah.. why?
  6. digitalgeek

    digitalgeek Network Guru Member

    I have set up filezilla to listen on port 21, data on 5123... forwarded both ports to internal ip and set filezilla to default under External IP...


    and Tomato forwarding...

  7. h0rnytoad1

    h0rnytoad1 Network Guru Member

    scottfrans : try setting your internal ports as well for your passive connections, not just the external column.
  8. scottfrans

    scottfrans LI Guru Member

    so i did an nvram reset, and set the settings like digitalgeek's above (thanks to him and all of you that have helped :), and it works... however, when i set it to forward port 2121 to 21, the 425 error comes back...

    any thoughts on this one?
  9. Toxic

    Toxic Administrator Staff Member

    Try port forwarding 20 as well. ftp sometimes needs 20 (command) and 21 (Data) to work correctly
  10. roadkill

    roadkill Super Moderator Staff Member Member

    try removing the L7 filters
  11. digitalgeek

    digitalgeek Network Guru Member

    As everyone is explaining above, FTP uses multiple ports so only forwarding one port doesn't always work... I haven't done any extensive tests, just the basic connectivity and simple transfers. You may need to forward multiple ports and tweak filezilla further to suit your needs.
  12. scottfrans

    scottfrans LI Guru Member

    I'm not quite sure how to properly set the L7 filters... I've included a bunch of screen grabs that show my current router settings

  13. scottfrans

    scottfrans LI Guru Member

    also, according to the comcast powerboost post, i might be better off if i disable QoS?
  14. digitalgeek

    digitalgeek Network Guru Member

    If you want to QOS your ftp, I would recommend you capture the port instead of trying to see the L7 activity. ports are faster reacting and more precise...
  15. roadkill

    roadkill Super Moderator Staff Member Member

    try not to classify FTP with L7, use port number
  16. Bill_MI

    Bill_MI Network Guru Member

    Scott, everything points to Tomato (which I've never used) using an FTP-ALG. Just forward port 21 to an ftp server set as nothing special and the router will do it all - including PASV handling.

    So when you try setting like most other LinkSys routers need, with the PASV port range manually set and the server using public IP, etc., this conflicts with the FTP-ALG.

    But here's the catch...

    The FTP-ALG is set *only* for port 21. Run something other than port 21 and you're back to needing manual PASV handling.

    Now, enter port mapping... hmmm... it may be easier to run the ftp server on 2121 and do PASV manually than figure out how port translation interacts with the FTP-ALG. The two may be incompatible to use at the same time (and handle PASV properly). I think this may explain why it fails when you port translate.

    Just trying to clear up the basics before you look at Qos stuff too much.
  17. scottfrans

    scottfrans LI Guru Member

    i'd turn QoS off if it would allow port forwarding to work without a 425 error on my FTP server

    i get a lot of random IP's trying to connect on port 21, so I'd rather not keep it there if I don't have to. i just don't know where to begin to get it to work when port forwarding 2121 to 21 without getting a "425 Can't open data channel" error :(
  18. scottfrans

    scottfrans LI Guru Member

    hey Bill, that's an excellent explanation, thank you!

    do you have any recommendation on how to setup PASV manually within my ftp server?
  19. Bill_MI

    Bill_MI Network Guru Member

    Hi Scott,

    Assuming you want to run an ftp server on port 2121 with a PASV range of 16100-16110 and your server is at I got this from your first post. It looks good except...

    1) FileZilla needs to be changed from port 21 to port 2121. I'm guessing this may be in "General"?

    2) Port forward 2121 with no translation (remove internal port 21).

    3) The FileZilla server has to know your REAL/PUBLIC/WAN/EXTERNAL ip address somehow. Notice you've set "Retrieve external IP address from:" and a URL is set to: http://ip.filezilla-project.org/ip.php. I'm getting strange results from this URL (or I've typed it wrong?).

    Compare to these (I'm not sure if these are the right format to really use):


    If they don't agree something has to be found that gets your WAN ip correctly. If you have a dynamic IP address (like DynDNS.org) this can make it easier by putting your DynDNS *hostname* in "Use the following IP".

    Hope this helps.
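
Added example (not part of the thread or any poster's code): a small Python check for the manual PASV setup described in the posts above. It parses the server's `227` reply, as seen in an FTP client log, and flags the cases the thread discusses: an RFC 1918 LAN address advertised to an outside client, an address that does not match the WAN IP, or a data port outside the forwarded PASV range. The 16100-16110 range comes from the thread; the WAN address and the sample replies are constructed.

```python
import ipaddress
import re

# RFC 1918 ranges: a 227 reply carrying one of these is unreachable from the WAN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    reply = reply.strip()
    m = PASV_RE.search(reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a PASV reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]  # port is sent as two bytes: p1*256 + p2


def diagnose(reply, wan_ip, pasv_range):
    """List the reasons an outside client could fail to open the data connection."""
    host, port = parse_pasv(reply)
    problems = []
    if any(host in net for net in RFC1918):
        problems.append("private-address")         # server is advertising its LAN IP
    elif host != ipaddress.IPv4Address(wan_ip):
        problems.append("wrong-external-address")  # external IP lookup returned a bad value
    low, high = pasv_range
    if not low <= port <= high:
        problems.append("port-not-forwarded")      # data port outside the forwarded range
    return problems


if __name__ == "__main__":
    WAN_IP = "203.0.113.10"      # constructed (documentation address)
    PASV_RANGE = (16100, 16110)  # range used in the thread
    samples = [                  # constructed client-log lines
        "227 Entering Passive Mode (192,168,1,100,62,228)",
        "227 Entering Passive Mode (203,0,113,10,62,233)",
        "227 Entering Passive Mode (203,0,113,10,20,3)",
    ]
    for line in samples:
        print(line, "->", diagnose(line, WAN_IP, PASV_RANGE) or "ok")
```
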