Get either client or server logs that show the PORT/PASV addresses. See if there's any pattern in the working/broken port ranges.
One fairly common issue is that the firewall has a range of ports open, that's smaller than the range the FTP client/server will try to use. So everything works fine, until eventually a port outside the range is requested. On 17 September 2012 11:27, Sachin Shetty <sshe...@egnyte.com> wrote: > Thanks for the response. > > It only stops working intermittently and interesting this is the immediate > error in the FtpLoggingFilter > > INFO 2012-09-16 11:32:56,015 pool-6-thread-19630 D- U- S- > org.apache.ftpserver.listener.nio.FtpLoggingFilter - SENT: 150 File status > okay; about to open data connection.^M > INFO 2012-09-16 11:32:56,015 pool-6-thread-19630 D- U- S- > org.apache.ftpserver.listener.nio.FtpLoggingFilter - SENT: 425 Can't open > data connection.^M > > Something happens in between the two log lines. > > > -----Original Message----- > From: John Hartnup [mailto:john.hart...@gmail.com] > Sent: Monday, September 17, 2012 3:42 PM > To: ftpserver-users@mina.apache.org > Subject: Re: GnuTLS internal error in Filezilla > > It looks to me like a firewall blocking the data connection. > > Some firewalls deal with FTP by snooping on the control connection, and > opening the appropriate ports when it sees a PORT or PASV command/response. > If the control connection is secured with SSL, the firewall can't see > PORT/PASV, so it doesn't open the ports. > > This IETF draft goes into some detail (or skip to the appendix to find out > how to fix it). > > On 17 September 2012 10:55, Sachin Shetty <sshe...@egnyte.com> wrote: > > > Hi, > > > > > > > > Any inputs on 425 Can't open data connection is really appreciated. It's > > causing lot of problems and we aren't sure what we else we can look for. > > > > > > > > Thanks > > > > Sachin > > > > > > > > From: Sachin Shetty [mailto:sshe...@egnyte.com] > > Sent: Friday, September 07, 2012 1:35 PM > > To: 'ftpserver-users@mina.apache.org' > > Subject: GnuTLS internal error in Filezilla > > > > > > > > Hi, > > > > We have Apache FTP Server running in production for a while now, it's > been > > mostly rock solid, but we see the following issue pretty often in > > production. > > > > Response: 150 File status okay; about to open data connection. > > Error: GnuTLS error -59: GnuTLS internal error. > > Response: 425 Can't open data connection. > > Error: File transfer failed > > > > On the apache ftp server logs, all we see is: > > > > INFO 2012-09-05 05:04:16,087 pool-3-thread-350 D- U- S- > > org.apache.ftpserver.listener.nio.FtpLoggingFilter - SENT: 425 Can't open > > data connection.^M > > > > Could it be one of the following: > > > > 1. All passive ports exhausted > > > > 2. We have a slightly different configuration, where we start 2 > listeners, > > one with implicit SSL and one without. Both have the same passive port > > range. > > > > Thanks > > Sachin > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > "There is no way to peace; peace is the way" > > -- "There is no way to peace; peace is the way"
