200 PORT command successful. Consider using PASV. 425 Failed to establish connection

Question

I have setup FTP server in Ubuntu 12.04 LTS.

Now when when I try to connect to FTP server from Windows 7 through command-line ftp.exe, I get successfully connected but I cannot get the list of directory. I get error

200 PORT command successful. Consider using PASV.
425 Failed to establish connection.

Shannon · Accepted Answer · 2016-11-29T00:07:00.123

21

Try using the passive command before using ls.

From FTP client, to check if the FTP server supports passive mode, after login, type quote PASV.

Following are connection examples to a vsftpd server with passive mode on and off

vsftpd with pasv_enable=NO:

# ftp localhost
Connected to localhost.localdomain.
220 (vsFTPd 2.3.5)
Name (localhost:john): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quote PASV
550 Permission denied.
ftp>

vsftpd with pasv_enable=YES:

# ftp localhost
Connected to localhost.localdomain.
220 (vsFTPd 2.3.5)
Name (localhost:john): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quote PASV
227 Entering Passive Mode (127,0,0,1,173,104).
ftp>

edited Nov 29 '16 at 00:07

answered Dec 02 '13 at 15:49

Shannon

1,036
9
20

4

`quote PASV` won't help. It switches only the server to the passive mode. But not the client. See [How to use passive FTP mode in Windows command prompt?](http://stackoverflow.com/q/18643542/850848) – Martin Prikryl Nov 16 '16 at 09:07
@MartinPrikryl I am not sure you read my answer. Also, it appears people have been editing my answer. However, you're right about the Windows command prompt. – Shannon Nov 29 '16 at 00:05
1

Yes, I read your answer. This question is about the Windows `ftp.exe` (*I try to connect to FTP server from **Window 7 through command-line***). In Windows `ftp.exe`, there's no `passive` command, there's even no support for passive mode. So your answer is irrelevant to the question. – Martin Prikryl Nov 29 '16 at 07:12
True. I'm upvoting your answer. I just wanted to be clear that I wasn't suggesting that `quote PASV` would help. – Shannon Dec 02 '16 at 18:40

Martin Prikryl · Answer 2 · 2016-11-16T09:06:07.837

You are using the FTP in an active mode.

Setting up the FTP in the active mode can be cumbersome nowadays due to firewalls and NATs.

It's likely because of your local firewall or NAT that the server was not able to connect back to your client to establish data transfer connection.

Or your client is not aware of its external IP address and provides an internal address instead to the server (in PORT command), which the server is obviously not able to use. But it should not be the case, as vsftpd by default rejects data transfer address not identical to source address of FTP control connection (the port_promiscuous directive).

See my article Network Configuration for Active Mode.

If possible, you should use a passive mode as it typically requires no additional setup on a client-side. That's also what the server suggested you by "Consider using PASV". The PASV is an FTP command used to enter the passive mode.

Unfortunately Windows FTP command-line client (the ftp.exe) does not support passive mode at all. It makes it pretty useless nowadays.

Use any other 3rd party Windows FTP command-line client instead. Most other support the passive mode.

For example WinSCP FTP client defaults to the passive mode and there's a guide available for converting Windows FTP script to WinSCP script.

(I'm the author of WinSCP)

score 12 · Answer 3 · edited Oct 13 '20 at 15:49

12

Actually your Windows firewall is blocking the connection. You need to enter these commands into cmd.exe from Administrator.

netsh advfirewall firewall add rule name="FTP" dir=in action=allow program=%SystemRoot%\System32\ftp.exe enable=yes protocol=tcp
netsh advfirewall firewall add rule name="FTP" dir=in action=allow program=%SystemRoot%\System32\ftp.exe enable=yes protocol=udp

In case something goes wrong then you can revert by this:

netsh advfirewall firewall delete rule name="FTP" program=%SystemRoot%\System32\ftp.exe

edited Oct 13 '20 at 15:49

Martin Prikryl

167,268
50
405
846

answered Jan 20 '16 at 12:10

Manoj Singh Bisht

129
1
2

Thank you very much – thezapper Oct 21 '19 at 18:04
To add to this solution, you can also temporarily disable the firewall on your Windows machine and then try again. Saves some time! – Eduardo Barrera May 02 '22 at 17:24

Rusher · Answer 4 · 2018-10-07T03:19:24.807

9

You need to use passive mode.

If you're using linux client, use pftp or ftp -p.

From man ftp:

-p    Use passive mode for data transfers. Allows use of ftp in environments where a firewall prevents connections from the outside world back to the client machine. Requires that the ftp server support the PASV command. This is the default if invoked as pftp.

edited Oct 07 '18 at 03:19

answered Sep 27 '18 at 01:40

Rusher

91
1
3

2

There's no `ftp -p` or `pftp` in Windows. – Martin Prikryl Sep 27 '18 at 05:21

score 0 · Answer 5 · answered Jan 24 '21 at 17:21

0

What worked for me was just typing the command passive and ftp went into passive mode from active mode.

answered Jan 24 '21 at 17:21

Tom

9
1

1

There's no `passive` command in Windows `ftp.exe`. You might be using Linux `ftp`. But that's not what this question is about. Also, the answer by @Shannon already suggests the same. – Martin Prikryl Jan 24 '21 at 19:40

score 0 · Answer 6 · answered May 26 '22 at 05:14

I was facing the same problem while running ftp <IP address>. Moving to passive mode (quote PASV) didn't help. When I tried to connect using pftp <IP address> , the issue got resolved and I was able to run commands successfully.

Problem

❯ ftp 10.129.54.92
Connected to 10.129.54.92.
220 (vsFTPd 3.0.3)
Name (10.129.54.92:rahul): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
425 Failed to establish connection.
ftp> quote PASV
227 Entering Passive Mode (10,129,54,92,215,216).
ftp> ls
200 PORT command successful. Consider using PASV.
425 Failed to establish connection.
ftp> exit
421 Timeout.

Solution

❯ pftp 10.129.54.92
Connected to 10.129.54.92.
220 (vsFTPd 3.0.3)
Name (10.129.54.92:rahul): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,129,54,92,165,170).
150 Here comes the directory listing.
-rw-r--r--    1 0        0              32 Jun 04  2021 flag.txt
226 Directory send OK.
ftp> get flag.txt
local: flag.txt remote: flag.txt
227 Entering Passive Mode (10,129,54,92,50,119).
150 Opening BINARY mode data connection for flag.txt (32 bytes).
226 Transfer complete.
32 bytes received in 0.00 secs (34.9944 kB/s)
ftp> exit
221 Goodbye.

Using `pftp` was suggested already by [@Rusher](https://stackoverflow.com/q/19516263/850848#52528227) – There's no `pftp` on Windows. + As discussed already the `quote PASV` does NOT switch you to the passive mode. — Martin Prikryl, May 26 '22 at 06:20

score -1 · Answer 7 · answered Mar 26 '21 at 10:09

-1

Disable Windows Firewall and after sometime again run ftp commands in cmd, It will work

answered Mar 26 '21 at 10:09

Divyanshu Pawar

11
1

200 PORT command successful. Consider using PASV. 425 Failed to establish connection

7 Answers7

Linked

Related