Has anyone figured out how to ftp a file down to an EC2 AMI using ubuntu on the command line?
I am able to connect to ftp.drupal.org (I'm trying to download a Drupal module) and then I can't even execute a simple 'ls' let alone a 'get'.
I just get the hideous '500 Illegal PORT command'
chuckboycejr
closed as off-topic by Jenny D, masegaloeh, mdpc, HopelessN00b Mar 18 '15 at 1:17
1 Answer
Linux command-line ftp defaults to using active-mode FTP. Try switching to passive mode with the pass command:
MadHatter
We have had a windows service running without any issues for some time but is now throwing 500, invalid port command errors when attempting to make an FTP connection.
Using Core FTP lite client from the same server I can connect to the FTP server in Active and Passive modes without any problems. The firewall rules have not changed and the application code has not changed at all.
Any ideas why only when attempting to connect from the windows app the Invalid Port Command error is thrown would be much appreciated.
Thank you,
richard hartz
1 Answer
I tried the second solution on this post and it solved my problem. I also had to upgrade to IIS 7.5 FTP and allow the passive ports on both my Windows 2008 Server Firewall and my external Firewall.
Alexandre Marcondes
I'm using an Ubuntu Server on a VirtualBox machine. Apache and SSH are working, but with FTP, after successfully connecting to the server and logging in, it sends an error message:
My vsftpd.conf file:
Kenny
3 Answers
jackbenny is close..
I am running on AWS with Ubuntu. Here is what I did to make vsftpd behave correctly:
Then you have to make sure you are allowing ports 20,21,30000-30100 through. Keep in mind that the port choices 30000-30100 are completely arbitrary and can be whatever you want. Although, I would stick to ports above 10000 and a range of 100 or more.
Brandon Bearden
Did you get that error while connecting from 'the outside'? In that case you might need to add your external IP to vsftpd so that it knows which IP to send to its clients when using passive mode FTP.
Try adding pasv_address=<YOUR_IP_HERE> to your config.
You can also try to switch your FTP-client to active mode and see if you still get the same error.
You might also need to set the port range for passive FTP and also enable passive mode FTP. Try adding these lines (replace START_PORT and END_PORT with your desired ports, and also don't forget to port forward them in your router):
jackbenny
I don't know what is happening here, but this problem is too damn old. I've finally solved this a few weeks ago when I reinstalled my virtual machine and followed all the instructions carefully. Answers were so helpful anyways.
Kenny
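A consistency check for the passive-mode setup that Brandon Bearden's and jackbenny's answers describe, as an added example that is not part of the original posts. It assumes the standard vsftpd options pasv_enable, pasv_min_port, pasv_max_port and pasv_address and the default control port 21; the function names, the sample configs and the addresses in them are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed samples. FIREWALL mirrors the 20,21,30000-30100 rule above.
FIREWALL = [(20, 21), (30000, 30100)]
GOOD_CONF = """# passive mode behind NAT
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30100
pasv_address=198.51.100.20
"""
BAD_CONF = "pasv_min_port=40000\npasv_max_port=40100\npasv_address=10.0.0.5\n"

def parse_vsftpd_conf(text):
    """vsftpd.conf is option=value per line; '#' lines are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def audit_passive(conf_text, allowed_tcp_ranges):
    """Return findings for a server reached from outside; [] means consistent.
    allowed_tcp_ranges: inbound (low, high) port ranges the firewall permits."""
    opts = parse_vsftpd_conf(conf_text)
    findings = []
    if opts.get("pasv_enable", "YES").upper() != "YES":   # vsftpd default is YES
        findings.append("pasv_enable is not YES")
    lo = int(opts.get("pasv_min_port", "0"))              # 0 means any port
    hi = int(opts.get("pasv_max_port", "0"))
    if lo == 0 or hi == 0 or lo > hi:
        findings.append("no usable fixed passive port range")
    elif not any(a <= lo and hi <= b for a, b in allowed_tcp_ranges):
        findings.append(f"passive range {lo}-{hi} not allowed by firewall")
    if not any(a <= 21 <= b for a, b in allowed_tcp_ranges):  # default port assumed
        findings.append("control port 21 not allowed by firewall")
    addr = opts.get("pasv_address")
    if addr is None:
        findings.append("pasv_address unset")
    else:
        try:
            if any(ipaddress.ip_address(addr) in net for net in RFC1918):
                findings.append(f"pasv_address {addr} is private")
        except ValueError:
            pass  # a hostname rather than an IP; not checked here
    return findings
```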
I've set up proftpd to use ssl/tls. Trying to connect I get an 'Illegal PORT command'
iptables:
Connecting via normal ftp works just fine..
I'm using WS_FTP with ftp-authssl//xxx.nl/.. I tried several other connection options, ports, etc. But all give the same error. Although it seems that sometimes a first directory listing is shown (but that might be caching of WS_FTP)
Patrick
4 Answers
First note that the two final commands, PORT and PASV, have nothing to do with each other. They're two independent connection attempts (one for active FTP, one for passive FTP).
So, your PORT failure is expected.
The way PORT works (the 'active FTP' mode) is by having the client send its own address to the server – the server connects back to you for data transfer.
According to the logs, your client computer is behind a NAT and has a 'private' IP address. That's the only address it knows, so that's what it sends with the PORT command.
Usually, your router would recognize an FTP connection and sneakily edit the PORT command, replacing your private address with the router's own public one. (Or, if you're unlucky, it would replace it with garbage.)
However, since your control connection is now encrypted using TLS, the router cannot perform this fixup (all it sees is encrypted data), and the server receives exactly what your client sends: your private address.
Since the server is on another network, it cannot possibly reach a private address (that's the whole point of NAT). Although it doesn't even bother trying – for security reasons, most servers just immediately refuse any address that doesn't exactly match where the control connection came from.
tl;dr Switch your FTP client to passive mode. Yes, your logs show passive mode (PASV) being broken as well. But at least it's somewhat fixable if your server has a dedicated public IP address, whereas active mode is not.
What about PASV? Well, the problem is similar.
Usually, your server's firewall would snoop on the FTP control connection, extract the temporary port from the 'Entering passive mode (x,y,z…)' reply, and mark it as belonging to a 'RELATED' connection. Then your rule #004 would allow it.
However, again, iptables cannot see through TLS (all it sees is encrypted data) and can no longer recognize your FTP data connections as related. So your connection just hits rule #999 and is dropped.
To make PASV work, you will need to configure ProFTPd to use a specific range of passive ports (doesn't matter what range exactly), and tell iptables to allow connections to those ports.
grawity
This command means that the client is listening on the IP address 192.168.192.14 port 54197 for the data connection from the server. 192.168.*.* are private IP addresses which cannot be routed over the internet. This means that this IP address is not reachable from a server on the internet. And this is why the server considers the PORT command invalid.
Steffen Ullrich
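The PORT check that grawity's and Steffen Ullrich's answers describe, as an added example that is not part of the original posts or of any FTP server's code. It decodes the h1,h2,h3,h4,p1,p2 argument and applies the "address must match the control connection" rule; the function names are hypothetical, the 200 and 501 reply texts are illustrative, and 203.0.113.7 is a constructed stand-in for the router's public address.

```python
import ipaddress

# RFC 1918 private ranges: not routable across the internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_port_arg(arg):
    """Decode the h1,h2,h3,h4,p1,p2 argument of an FTP PORT command."""
    fields = arg.strip().split(",")
    if len(fields) != 6 or not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("PORT argument must be six decimal fields")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("PORT fields must be 0-255")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]   # port = p1*256 + p2

def server_reply(port_arg, control_peer):
    """Reply of a strict server: the PORT address must equal the source
    address of the control connection (hypothetical helper)."""
    try:
        host, _port = parse_port_arg(port_arg)
    except ValueError:
        return "501 Syntax error in parameters"
    if host != ipaddress.IPv4Address(control_peer):
        return "500 Illegal PORT command"
    return "200 PORT command successful"

def diagnose(port_arg, control_peer):
    """Explain a rejection the way the answers above do."""
    host, port = parse_port_arg(port_arg)
    if host == ipaddress.IPv4Address(control_peer):
        return "address matches control connection"
    if any(host in net for net in RFC1918):
        return (f"client advertised private {host}:{port} but connected from "
                f"{control_peer}: NAT without PORT fixup (e.g. TLS control channel)")
    return f"client advertised {host}:{port}, not its own address {control_peer}"

if __name__ == "__main__":
    # Constructed sample: the address and port quoted in the answer above,
    # encoded as a PORT argument (54197 = 211*256 + 181).
    arg, peer = "192,168,192,14,211,181", "203.0.113.7"
    print(server_reply(arg, peer))
    print(diagnose(arg, peer))
```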
I posted the question also on SuperUser and got the answer there: I've added the following to the proftpd.conf:
For PassivePorts see http://proftpd.org/docs/directives/linked/config_ref_PassivePorts.html
For TLSOptions see http://www.proftpd.org/docs/howto/TLS.html (based on some log messages from WS_FTP I figured out that NoSessionReuseRequired should help).
Patrick
This worked for me: You need to add the below lines to vsftpd.conf. I spent days trying to find this answer.
Below all the non commented items in vsftpd.conf
albert