Solved

FTP issue

Posted on 2011-03-14
11
754 Views
Last Modified: 2012-05-11
I am trying to transfer a test file test.txt from my Computer to a Linux Server behind a firewall. I am able to connect to the server but I am not able to transfer the file, Below is the error

I have submitted this question earlier, It worked using a FTP client but I want it to work from msdos prompt


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

U:\>c:

C:\>ftp XXX.XXX.128.23
Connected to XXX.XXX.128.23
220 Access to this Computer System is Strictly Regulated and Subject to Criminal
 Prosecution
User (XXX.XXX.128.23:(none)): schtz
331 Please specify the password.
Password:
230 Login successful.
ftp> put test.txt
500 Illegal PORT command.
> ftp: bind :Unknown error number
ftp> literal passive
500 Unknown command.
ftp> literal pasv
227 Entering Passive Mode (XXX,XXX,128,23,46,224)
ftp> put test.txt
> ftp: bind :Unknown error number
ftp>

Open in new window

0
Comment
Question by:mnis2008
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 6

Expert Comment

by:nettek0300
ID: 35129588
You may have to change modes.  Try typing bin for binary and then resend the file.  If that does not work, try typing ascii for ascii before sending.  
0
 

Author Comment

by:mnis2008
ID: 35129609
Both my connection and data ports are open.

ftp> mkdir test
257 "/test" created
ftp> cd test
250 Directory successfully changed.
ftp> ls
500 Illegal PORT command.
> ftp: bind :Unknown error number
ftp> cd ..
250 Directory successfully changed.
ftp> ls
> ftp: bind :Unknown error number
ftp>
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 35129849

It seems to be evident that your data port is not open! What makes you think it is?

The messages you posted say that every command using only the control connection works, but any command needing the data connection doesn't.

So please recheck your firewall settings (end-to-end!)

wmp
0
 
LVL 16

Accepted Solution

by:
AlexPace earned 300 total points
ID: 35129913
The data channel is used whenever you transfer a file or request a directory listing.

In that last log you when you sent an "ls" the server replied 500 Illegal PORT command.

That means you attempted to get a directory listing in Active Mode and the server rejected it. This could be for several reasons.  Most likely the server does not allow Active Mode transfers and you'll need to use PASV mode but it could be something less obvious like perhaps your firewall is "protocol aware" with regard to FTP and is modifying the IP address in your PORT command on the fly but it is making a mistake.  To know for sure you'd almost need a copy of the server's log to see what it thinks you sent.

In your first example you sent a literal PASV to request passive mode and the server replied with a positive response and invited you to use port 12000 as the data port for the upload.  Unfortunately the DOS ftp client can't do passive mode as far as I know.

To calculate the port that the server invited you to use, look at the last two numbers in the server's response to the PASV command: 46, 224

Convert them to hex:
46 = 2E
224 = E0

Now combine them: 2EE0

Now convert back to decimal 2EE0 = 12000

The built-in windows calculator can help you do this if you put it in programmer or scientific mode.
0
 

Author Comment

by:mnis2008
ID: 35129916
Hello wmp,

I am able to create a file and navigate inside the folder, So I thought my data port was open, Now I think I am wrong, Is there any test which can tell me that my data connection port is not open.

Steve
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 16

Expert Comment

by:AlexPace
ID: 35129936
Oh also don't trust that old RFC that says FTP uses port 20 for the data channel because that was written before the invention of passive mode.
0
 
LVL 8

Expert Comment

by:LunarNRG
ID: 35141839
AlexPace is correct, the windows built-in ftp command-line client is not capable of passive mode ftp.

I believe most web browsers (IE, firefox, chrome) use passive mode by default for ftp urls, or quickly switch to passive mode if required. If you get a directory listing using a browser then you should be fine with an ftp client that can deal with passive mode[1]. If not, then the firewall is almost certainly getting in the way.

[1] http://www.ncftp.com/ncftp/ is one such.

HTH!
0
 

Author Comment

by:mnis2008
ID: 35142219
Thanks guy for all your information.

I am able to connect to the server in passive mode. Now the question is how can I tell If I have a FTP server that supports passive or active mode. I am using linux and how can this be told.

If there is a provision is there any parameter that I need to turn off/on to switch modes.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 35142271
Virtually every FTP server supports passive mode.
Some of the have the option to define a port range for passive mode ports.

Which FTP server do you use on Linux?

Check with "man ftpd" on Linux how to display brand and version.
Should be something like "/usr/sbin/ftpd -v" or "...... -version" or "......--version" or "..... --help"

0
 

Author Comment

by:mnis2008
ID: 35142343
I am using vsftpd on linux

 /usr/sbin/vsftpd -v
vsftpd: version 2.0.5

But how can I check if its a ACTIVE OR PASSIVE supported...???
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 200 total points
ID: 35142380
/etc/vsftpd.conf:

pasv_enable
    Set to NO if you want to disallow the PASV method of obtaining a data connection.
pasv_promiscuous
    Set to YES if you want to disable the PASV security check that ensures the data connection
    originates from the same IP address as the control connection.
pasv_max_port
    The maximum port to allocate for PASV style data connections. Can be used to specify a narrow port
    range to assist firewalling.
pasv_min_port
    The minimum port to allocate for PASV style data connections. Can be used to specify a narrow
    port range to assist firewalling.


In your Q you quoted a log entry:

ftp> literal pasv
227 Entering Passive Mode (XXX,XXX,128,23,46,224)


This shows that the server accepted passive mode.

wmp
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Daily system administration tasks often require administrators to connect remote systems. But allowing these remote systems to accept passwords makes these systems vulnerable to the risk of brute-force password guessing attacks. Furthermore there ar…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now