FTP Downloads – Error Message: "425"


This topic contains 4 replies, has 0 voices, and was last updated by  SupaJ 9 years, 4 months ago.

  • #42200

    SupaJ
    Member

    This is my setup:

    Internet — Windoze Server — ZeroShell VM appliance(Bridge Mode) — Switch — LAN

    I can log in to FTP sites but I can’t list directories/files or download.
    Error Message: “425 Unable to build data connection: Operation timed out”
    I have opened TCP ports 20 and 21. What must I do to allow me to download FTP files? Please note that my default FORWARD and INPUT chain policy is DROP.

    Below are the default firewall policies and rules:

    Policy DROP Chain FORWARD
    Policy DROP Chain INPUT
    Policy ACCEPT Chain OUTPUT

    FORWARD Rules
    Seq Input Output Description
    1 ETH00 * ACCEPT udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 udp dpt:53
    2 ETH01 * ACCEPT udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH01 udp spt:53
    3 ETH00 * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 tcp dpt:80
    4 ETH01 * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH01 tcp spt:80
    5 ETH00 * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 tcp dpt:21
    6 ETH01 * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH01 tcp spt:21
    7 ETH00 * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 tcp dpt:20
    8 ETH01 * ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH01 tcp spt:20

    INPUT Rules
    Seq Input Output Description
    1 ETH00 * ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH00
    2 * * ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED

    ---
    Thank you.

    #49606

    ppalias
    Member

    Add a RELATED-ESTABLISHED rule in the forward chain.

    #49607

    SupaJ
    Member

    Add a RELATED-ESTABLISHED rule in the forward chain.

    Thanks Ppalias but I’m still a bit confused. Can you please elaborate – input, output, etc?

    #49608

    ppalias
    Member

    What to elaborate? Obviously your ftp client is not opening the data port on tcp/21, so you need to track it.
    Now that I mentioned tracking, do a search on the forum for the same problem. Someone solved it by adding a module, ftp_conntrack if I remember well.

    #49609

    SupaJ
    Member

    Thanks man – maybe woman? LOL. Your suggestion of

    RELATED-ESTABLISHED rule in the forward chain

    worked fine with FTP in passive mode. 😉

    #49610

    ppalias
    Member

    You are welcome, I am a man by the way.
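
Added example, not part of the thread: a small Python model of the bridge's FORWARD decision, showing why the static port 20/21 rules drop a passive-mode data connection under a DROP policy and why a RELATED,ESTABLISHED rule accepts it. It assumes an FTP connection-tracking helper is active on the firewall; the `Bridge` class, `passive_session` function and all addresses are constructed for illustration.

```python
import re

# FORWARD rules 5-8 from the first post: (bridge port, matched field, port).
# ETH00 carries client requests (dpt), ETH01 carries server replies (spt).
STATIC_RULES = [("ETH00", "dpt", 21), ("ETH01", "spt", 21),
                ("ETH00", "dpt", 20), ("ETH01", "spt", 20)]
PASV_RE = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_pasv(line):
    """Return (ip, port) announced by a 227 reply, else None."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class Bridge:
    """Hypothetical model: static rules plus optional state matching."""
    def __init__(self, stateful):
        self.stateful = stateful    # True = RELATED,ESTABLISHED rule in FORWARD
        self.expected = set()       # data endpoints announced on the control channel
        self.established = set()    # flows that were already accepted

    def forward(self, in_if, src, sport, dst, dport, payload=""):
        flow = frozenset([(src, sport), (dst, dport)])
        static = any(i == in_if and port == (dport if field == "dpt" else sport)
                     for i, field, port in STATIC_RULES)
        related = self.stateful and (flow in self.established
                                     or (dst, dport) in self.expected)
        if not (static or related):
            return "DROP"                      # default FORWARD policy
        self.established.add(flow)
        if sport == 21 and (endpoint := parse_pasv(payload)):
            self.expected.add(endpoint)        # helper: expect the data connection
        return "ACCEPT"

def passive_session(stateful):
    """Verdicts for: PASV request, 227 reply, client's data connection."""
    fw = Bridge(stateful)
    client, server = "192.0.2.10", "198.51.100.5"              # constructed
    reply = "227 Entering Passive Mode (198,51,100,5,195,80)"  # 195*256+80 = 50000
    return [fw.forward("ETH00", client, 40000, server, 21, "PASV\r\n"),
            fw.forward("ETH01", server, 21, client, 40000, reply),
            fw.forward("ETH00", client, 40001, server, 50000)]

if __name__ == "__main__":
    print("static rules only:  ", passive_session(False))
    print("RELATED,ESTABLISHED:", passive_session(True))
```

The third verdict is the data connection: it targets a port negotiated inside the control channel, so no fixed port rule can match it.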
