FTP – 425 Can’t open data connection (Active Mode does not work)

ftp

I've researched this topic thoroughly as to what Active mode is and why I hit the infamous 425 Can't open data connection. error, but after all the documentation and tutorials and forums on the internet yielding no solution, I've decided to come here for one last crack at it.

By various means (explained at the bottom), I have been able to connect to this server remotely but only via Passive connections. I am not able to connect using Active mode – which the FileZilla client defaults to (in my case at least).

The server is running Windows 8 and FileZilla Server (part of the XAMPP package) and is using the ports:

  • 21 for listening
  • 990 for implicit FTP over TLS
  • 14147 for remote management
  • 6000-7000 for Passive Mode

These ports are opened in both the router's NAT and Windows Firewall.

These are the settings for the server
FileZilla Server Options

and these are the settings for the client
FileZilla Client Options
Under passive mode, fallback to active mode is also selected.

For obvious reasons, local connections work but remote connections do not.

Worth mentioning – ftptest.net reports the connection as a SUCCESS, however I discovered that it uses PASV mode to connect to the server. I've put the log from this successful connection over at pastebin for reference. Again this is using Implicit FTP over TLS. Standard FTP connections do work using this website (and not through my own means of connecting), but I have them disabled within the server forcing SSL/TLS connections only.

Best Answer

FTP has a control connection and a data connection. The control connection is started from the client to the server and thus usually causes no problems, but the data connections are different:

  • in active mode the server tries to connect to the client. The necessary IP and port settings are sent within the PORT or EPRT command inside the control channel. If the client is behind NAT, active mode will not work, because the client uses an IP address not reachable by the server. Similar problems occur if the client is behind a firewall, because connections from outside will simply be blocked. Only FTP-aware firewalls might employ special helpers to manage active connections (and these will not work with FTPS).
  • in passive mode the client connects to the server. The necessary IP and port are sent within the response to the PASV or EPSV commands. There are no problems with NAT on the client side and usually no problems with firewalls either. But there will be problems if the server itself is behind a firewall or NAT.

In short: Passive mode works most of the time, while active mode works only if the client has a public address. But this is not the case for clients behind a router (at home, public hotspot...) and usually also not in mobile networks.
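The check described in the answer, as an added example that is not part of the original answer: it decodes the address a PORT/EPRT command or a 227 (PASV) reply advertises and compares it with the address the other side actually sees on the control connection. The function names and the sample lines are assumptions constructed for illustration (documentation-range addresses, not the question's log).

```python
import ipaddress
import re

# Ranges that a host on the public Internet cannot connect back to.
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "100.64.0.0/10",                                    # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10")]

def parse_data_endpoint(line):
    """Return (ip, port) from a PORT/EPRT command or a 227 (PASV) reply."""
    line = line.strip()
    verb, _, arg = line.partition(" ")
    verb, arg = verb.upper(), arg.strip()
    if verb in ("PORT", "227"):
        # RFC 959: h1,h2,h3,h4,p1,p2 with port = p1*256 + p2
        m = re.search(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", arg)
        if not m:
            raise ValueError("no host-port tuple in: " + line)
        n = [int(x) for x in m.groups()]
        if max(n) > 255:
            raise ValueError("field out of range in: " + line)
        return ipaddress.ip_address("%d.%d.%d.%d" % tuple(n[:4])), n[4] * 256 + n[5]
    if verb == "EPRT":
        # RFC 2428: EPRT <d>family<d>address<d>port<d>, delimiter usually "|"
        fields = arg.split(arg[0]) if arg else []
        if len(fields) != 5 or not 0 < int(fields[3]) < 65536:
            raise ValueError("malformed EPRT: " + line)
        return ipaddress.ip_address(fields[2]), int(fields[3])
    raise ValueError("not a PORT, EPRT or 227 line: " + line)

def diagnose(line, control_peer_ip):
    """Classify the advertised data address against the control connection's peer."""
    ip, _port = parse_data_endpoint(line)
    if any(ip in net for net in UNROUTABLE):
        return "unroutable"   # behind NAT: the other side cannot connect to this
    if ip != ipaddress.ip_address(control_peer_ip):
        return "mismatch"     # advertised address is not the one the peer sees
    return "ok"               # address is fine; a 425 now points at a firewall

# Constructed sample lines (not taken from the question's log)
if __name__ == "__main__":
    for line, peer in [("PORT 192,168,1,23,195,80", "203.0.113.10"),
                       ("EPRT |1|203.0.113.10|50000|", "203.0.113.10"),
                       ("227 Entering Passive Mode (10,0,0,5,23,112)", "198.51.100.7")]:
        print(line, "->", parse_data_endpoint(line), diagnose(line, peer))
```

The second argument is the source address seen on the control connection: the client's address from the server log for PORT/EPRT, or the server's public address for a 227 reply.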
