Search code examples
javaftpapache-commons-net

425 Failed to establish connection

I'm trying to download a file via FTP with a Java application.

The FTP url is accessible from this web page: http://professionnels.ign.fr/adminexpress. More specifically, I'm trying to download this file.

  • From my home, I can download the file successfully with my java application, Firefox or Chrome.
  • From my work, I can do the same with Firefox and Chrome only. My application refuses to download anything.

NOTA: At work, the browsers and my application use the same HTTP proxy to access internet.

I'm using Apache Commons Net 3.6.

Here is a sample of the FTP exchanges of my application. I wasn't able to sniff those of Chrome or Firefox.

220 Bienvenue sur le site FTP de L INSTITUT NATIONAL DE L INFORMATION GEOGRAPHIQUE ET FORESTIERE
USER *******
331 Please specify the password.
PASS *******
230 Login successful.
TYPE I
200 Switching to Binary mode.
PASV
227 Entering Passive Mode (192,134,132,16,65,180).
RETR /ADMIN-EXPRESS-COG_2-0__SHP_WM__FRA_2019-05-20.7z.001
425 Failed to establish connection.
Solution

  • tl;dr

    It turned out that the HTTP proxy at my work already handles all the FTP exchanges. This is why Firefox and Chrome could download the file. When they aren't behind an HTTP proxy, it seems they act as an FTP client by sending FTP commands directly.

    A simple HTTP GET request to the HTTP proxy with the ftp url is enough to download the file.

    Here is a sum up of solutions I found during my investigations:

    • Use passive mode (PASV command)
    • Check if there's an FTP proxy to use rather than an HTTP Proxy
    • Check the configuration of the FTP server (if you have access to it)
    • Check the configuration of the HTTP proxy (if you have access to it)

    Precisely, the browsers perform a simple HTTP request as described below:

    GET ftp://user:[email protected]/file.ext HTTP/1.1
Host: example.com
User-Agent: WebBrowser-UA/x.y.z
...

    Then the HTTP proxy parses the FTP url and connects to the FTP server. The HTTP proxy returns the file content as a normal HTTP response.

    HTTP/1.1 200 OK
Last-Modified: Tue, 21 May 2019 11:23:00 GMT
Content-Length: 115545060
Content-Type: octet/stream
Connection: Keep-Alive
Age: 22
Date: Thu, 27 Jun 2019 10:27:09 GMT

(file content here...)

    However, in my case, the HTTP proxy allowed me to connect to the FTP server and exchange on the command FTP channel only. The data channel seemed to be blocked either in ACTIVE or PASSIVE mode.

    During my investigations, I found many people hitting this very same problem. The solutions they found (when they found one...) didn't apply to me. Here is a sum up of the solutions expressed in all those questions:

    • Use passive mode (PASV command)
    • Check if there's an FTP proxy to use rather than an HTTP Proxy
    • Check if the HTTP proxy handles directly the FTP exchanges
    • Check the configuration of the FTP server (if you have access to it)
    • Check the configuration of the HTTP proxy (if you have access to it)

    References: