Server sent passive reply with unroutable address

When trying to connect via FTP clients, the misconfiguration in the FTP configuration file results in an error like "Server sent passive reply with unroutable address".

Many of our customers allow their website developers to have restricted access to the server due to security reasons.

So, developers often use FTP clients like FileZilla to upload and download files from the server, they come across this error message.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to resolve FTP related errors.

In this context, we shall look into the causes and their respective fixes for this FTP error message.

How we fix the FTP error 'Server sent passive reply with unroutable address'

Now, let's see the major reasons for this FTP error and how to fix it.

1. Bad firewall settings

Recently, one of our customers approached us with this error message’. Using server address instead when connecting to an FTP site.

On checking, we found that passive ports were not allowed on the firewall settings. This results in clients unable to connect to their server from the outside network.

So, we teak the firewall setting as adding passive ports range in firewall settings.

2. NAT configuration

Similarly, another customer had a problem with his FTP connection,  when he tried to connect the FTP server with FileZilla and getting the following errors

Server sent passive reply with unroutable address. Using server address instead.

On investigating, we found that the FTP client was behind NAT. However, the FTP protocol doesn’t support NAT at all. Also, the client explicitly informs the server in active mode to open a secondary connection to the server’s IP address, which will not work if the client is behind NAT

So, we edit the /etc/vsftpd.conf file as below:


Finally, this fixed the error.

[Need urgent assistance to manage the FTP server? We'll help you. ]


This article will guide you on ways to resolve #Server sent passive reply with unroutable address which occurs due to bad server settings or when an FTP client is behind #NAT. 

#FileZilla has updated their FTP #client, and FTP over TLS is now used by default. This results in clients being unable to connect to their server from the outside network.

Make sure that you properly set up for FTP over TLS/SSL, explicit and passive ports are allowed on the #firewall and set on Serv-U:

i. Go to the Serv-U settings at: Global Limits & Settings > Settings - Network Settings.

ii. Ensure the Auto-configure firewall through UPnP checkbox is not checked.

iii. Ensure the Packet time-out is set to 300 seconds.

iv. Set #PASV Port Range is 50,000-50,009, and port forward these ports to your router.

This configures the file transfer traffic to be routed through the router and directly to Serv-U through “Port Forwarding”.

If, after this, you are still unable to connect, try disabling the "Block FTP_Bounce and FXP" option - this has been known to cause issues for some clients. To do this, follow the steps below:

1. Navigate to Global > Limits and Settings  > #FTP Settings.

2. Select Global Properties. (If this is not available, first select Use Custom Settings to gain access to it).

3. On the Advanced Options tab, make sure "Block FTP_Bounce and FXP" is unchecked (which it is by default).