Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 822
  • Last Modified:

FTP issue

I am trying to transfer a test file test.txt from my Computer to a Linux Server behind a firewall. I am able to connect to the server but I am not able to transfer the file, Below is the error

I have submitted this question earlier, It worked using a FTP client but I want it to work from msdos prompt


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

U:\>c:

C:\>ftp XXX.XXX.128.23
Connected to XXX.XXX.128.23
220 Access to this Computer System is Strictly Regulated and Subject to Criminal
 Prosecution
User (XXX.XXX.128.23:(none)): schtz
331 Please specify the password.
Password:
230 Login successful.
ftp> put test.txt
500 Illegal PORT command.
> ftp: bind :Unknown error number
ftp> literal passive
500 Unknown command.
ftp> literal pasv
227 Entering Passive Mode (XXX,XXX,128,23,46,224)
ftp> put test.txt
> ftp: bind :Unknown error number
ftp>

Open in new window

0
mnis2008
Asked:
mnis2008
  • 4
  • 3
  • 2
  • +2
2 Solutions
 
nettek0300Commented:
You may have to change modes.  Try typing bin for binary and then resend the file.  If that does not work, try typing ascii for ascii before sending.  
0
 
mnis2008Author Commented:
Both my connection and data ports are open.

ftp> mkdir test
257 "/test" created
ftp> cd test
250 Directory successfully changed.
ftp> ls
500 Illegal PORT command.
ftp: bind :Unknown error number
ftp> cd ..
250 Directory successfully changed.
ftp> ls
ftp: bind :Unknown error number
ftp>
0
 
woolmilkporcCommented:

It seems to be evident that your data port is not open! What makes you think it is?

The messages you posted say that every command using only the control connection works, but any command needing the data connection doesn't.

So please recheck your firewall settings (end-to-end!)

wmp
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
AlexPaceCommented:
The data channel is used whenever you transfer a file or request a directory listing.

In that last log you when you sent an "ls" the server replied 500 Illegal PORT command.

That means you attempted to get a directory listing in Active Mode and the server rejected it. This could be for several reasons.  Most likely the server does not allow Active Mode transfers and you'll need to use PASV mode but it could be something less obvious like perhaps your firewall is "protocol aware" with regard to FTP and is modifying the IP address in your PORT command on the fly but it is making a mistake.  To know for sure you'd almost need a copy of the server's log to see what it thinks you sent.

In your first example you sent a literal PASV to request passive mode and the server replied with a positive response and invited you to use port 12000 as the data port for the upload.  Unfortunately the DOS ftp client can't do passive mode as far as I know.

To calculate the port that the server invited you to use, look at the last two numbers in the server's response to the PASV command: 46, 224

Convert them to hex:
46 = 2E
224 = E0

Now combine them: 2EE0

Now convert back to decimal 2EE0 = 12000

The built-in windows calculator can help you do this if you put it in programmer or scientific mode.
0
 
mnis2008Author Commented:
Hello wmp,

I am able to create a file and navigate inside the folder, So I thought my data port was open, Now I think I am wrong, Is there any test which can tell me that my data connection port is not open.

Steve
0
 
AlexPaceCommented:
Oh also don't trust that old RFC that says FTP uses port 20 for the data channel because that was written before the invention of passive mode.
0
 
LunarNRGCommented:
AlexPace is correct, the windows built-in ftp command-line client is not capable of passive mode ftp.

I believe most web browsers (IE, firefox, chrome) use passive mode by default for ftp urls, or quickly switch to passive mode if required. If you get a directory listing using a browser then you should be fine with an ftp client that can deal with passive mode[1]. If not, then the firewall is almost certainly getting in the way.

[1] http://www.ncftp.com/ncftp/ is one such.

HTH!
0
 
mnis2008Author Commented:
Thanks guy for all your information.

I am able to connect to the server in passive mode. Now the question is how can I tell If I have a FTP server that supports passive or active mode. I am using linux and how can this be told.

If there is a provision is there any parameter that I need to turn off/on to switch modes.
0
 
woolmilkporcCommented:
Virtually every FTP server supports passive mode.
Some of the have the option to define a port range for passive mode ports.

Which FTP server do you use on Linux?

Check with "man ftpd" on Linux how to display brand and version.
Should be something like "/usr/sbin/ftpd -v" or "...... -version" or "......--version" or "..... --help"

0
 
mnis2008Author Commented:
I am using vsftpd on linux

 /usr/sbin/vsftpd -v
vsftpd: version 2.0.5

But how can I check if its a ACTIVE OR PASSIVE supported...???
0
 
woolmilkporcCommented:
/etc/vsftpd.conf:

pasv_enable
    Set to NO if you want to disallow the PASV method of obtaining a data connection.
pasv_promiscuous
    Set to YES if you want to disable the PASV security check that ensures the data connection
    originates from the same IP address as the control connection.
pasv_max_port
    The maximum port to allocate for PASV style data connections. Can be used to specify a narrow port
    range to assist firewalling.
pasv_min_port
    The minimum port to allocate for PASV style data connections. Can be used to specify a narrow
    port range to assist firewalling.


In your Q you quoted a log entry:

ftp> literal pasv
227 Entering Passive Mode (XXX,XXX,128,23,46,224)


This shows that the server accepted passive mode.

wmp
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now