One of the most common questions I get about FTP has to do with error 425, "Can't open data connection." This is a protocol-level error defined in the RFC. Its meaning is straightforward: the data connection (for a directory listing, upload, or download) could not be established.
First, the most common solution: change the active/passive mode settings. But that might not work, and if it does, it's only a band-aid covering up the real problem.
As I've mentioned in the past, one of the most common reasons for this error is a misconfiguration of the FTP server software itself, related to SSL connections and firewalls, in which the data connection is attempted against a bogus IP address. Read more about FTP SSL through a NAT firewall here; some potential solutions are included.
There are other less likely causes, such as:
- The server is configured to always use the same port for passive mode connections, or the client is configured to always use the same port for active mode connections. In this case the software in question should usually raise a different error first, but I've seen this happen.
- In passive mode, the firewall in front of the FTP server doesn't have the correct ports open. So the server tells the client to connect to IP address 220.127.116.11 on port x, but the firewall doesn't allow incoming connections on port x. Most firewalls are smart enough to open up the port when they see the PASV response. The same applies in reverse for active mode and the firewall in front of the FTP client.
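
To tell these causes apart, compare the address and port in the server's PASV reply with the address the control connection went to. The following is an added diagnostic example, not code from the original post; the function names, the sample reply and the `forwarded_ports` parameter are assumptions made for illustration.

```python
import ipaddress
import re

# Host/port tuple of an RFC 959 PASV reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    match = PASV_TUPLE.search(reply) if reply.startswith("227") else None
    if match is None:
        raise ValueError("not a usable 227 PASV reply: %r" % reply)
    nums = [int(n) for n in match.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range: %r" % reply)
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]


def diagnose_pasv(reply, control_peer, forwarded_ports=None):
    """Return likely causes of a 425 for one PASV reply.

    control_peer:    address the client dialled for the control connection
    forwarded_ports: ports the server-side firewall lets in (assumption:
                     taken from the firewall configuration), or None
    """
    ip, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    findings = []
    if ip.is_unspecified or ip.is_loopback:
        findings.append("server advertises unusable address %s" % ip)
    elif ip != peer:
        if any(ip in net for net in RFC1918) and not any(peer in net for net in RFC1918):
            findings.append("server advertises internal address %s from behind NAT" % ip)
        else:
            findings.append("advertised address %s differs from control peer %s" % (ip, peer))
    if forwarded_ports is not None and port not in forwarded_ports:
        findings.append("data port %d is not forwarded by the firewall" % port)
    return findings


if __name__ == "__main__":
    # Constructed sample: control connection to 203.0.113.5 (documentation range),
    # server replies with its LAN address and port 195*256+80 = 50000.
    reply = "227 Entering Passive Mode (192,168,1,10,195,80)"
    for finding in diagnose_pasv(reply, "203.0.113.5", range(50000, 50011)):
        print(finding)
```

A differing public address is only a hint, since a multi-homed server can legitimately answer from another interface; an internal or loopback address sent to an outside client is the misconfiguration described above.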