After updating ProFTPd on a server running FreeBSD, certain clients (FireFTP specifically) were able to log in, but not transfer files or retrieve a directory listing. The following error was shown to the client user:

425 Unable to build data connection: Operation not permitted

It appears that a recent change in ProFTPd’s default TLS handling rules requires SSL sessions to be re-used, which FireFTP does not do. Looking at the TLS log file shows these kinds of errors:

Sep 17 12:31:43 mod_tls/2.4.1[9592]: client did not reuse SSL session, rejecting data connection (see TLSOption NoSessionReuseRequired)

The fix is simple, add the following to proftpd.conf and restart ProFTPd:

TLSOptions NoSessionReuseRequired

29 Responses to “SOLVED: FireFTP / ProFTPd Error ‘Unable to build data connection: Operation not permitted’”

  1. James

    Thank you! I was running ProFTPD and couldn’t get my android clients to connect.

    Reply
  2. Jay Versluis

    Thank you so much! I’ve just run into this problem, never had an issue on the same server before. Weird but true.

    I had this on CentOS 6.x with Plesk 12. Here, the ProFTP service is part of xinetd, so any Plesk users out there need to “service restart xinetd” for the changes to take effect.

    Reply
  3. El Frillo

    Thanks!

    This worked for Nas4free, Just needed to add that in the last filed for setting up FTPS. Added a leading whitespace just in case.

    Reply
  4. Chris

    Thank you so much, ever since a server rebuild Dreamweaver kept failing with file size different, and this right here fixed it!!! I have been dealing with this for over a month!!

    Reply
  5. Mahendiran Madhaiyan

    Hi I am facing the same problem in the windows server 2012 .

    Is there any solution.

    Reply
  6. Rob Gibbs

    Thanks. Perfect. Fixed the problem. I wonder why this is not set as default?

    Reply
  7. Samuel

    FTP was working for 4 years, zero updates to anything (I know, I know), just randomly stopped working for all of my clients at the same time. This sorted it out. thanks.

    Reply
  8. Farhan Aditya

    Thank you very much! I finally found the solution. However, in my case, I have to add the configuration to tls.conf instead of proftpd.conf (because it will results in an error, idk why).

    Reply
  9. Giuseppe

    Thank you very much! it worked perfectly on TrueNas 12.0-U2 after last update.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.