500 Illegal port command ftp

I ran into a problem accessing an FTP server running vsftpd.
When trying to connect I got the error:

Here 1.2.3.4 is the IP of the gateway my client went through, and 172,16,5,239,15,188 is the client's internal IP and, accordingly, the port.

I was connecting to the FTP server with Total Commander. Total Commander showed that the connection and the PORT request came from the internal interface of the gateway behind which vsftpd sits.

The gateways do NAT and port forwarding. Everything was configured and the connection reached vsftpd, but it refused to return the directory listing, stumbling on "500 Illegal PORT command".

The solution turned out to be the following. The vsftpd config (vsftpd.conf) has a variable:

This means that vsftpd uses the Linux /etc/hosts.allow and /etc/hosts.deny files for access control.
It can additionally specify which config to apply to which client through the VSFTPD_LOAD_CONF variable. My lines looked roughly like this:

vsftpd: 1.2.3.4: setenv VSFTPD_LOAD_CONF /etc/vsftpd/conf/secure.conf

The file /etc/vsftpd/conf/secure.conf contains a single line, pam_service_name=vsftpd-secure (important, but beside the point).

So what was needed was to add to /etc/hosts.allow the address of the internal interface of the gateway behind which vsftpd sat, the one the FTP client (Total Commander) showed during the connection; in our case that is 192.168.2.3:

vsftpd: 192.168.2.3: setenv VSFTPD_LOAD_CONF /etc/vsftpd/conf/secure.conf

Or try disabling tcp_wrappers (by default this variable is set to NO).
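The PORT argument quoted in the post decodes to an address and port, and a server that only allows data connections back to the control connection's peer will refuse it when a NAT gateway sits in between. The following is an added example, not code from the post or from vsftpd; the function names and the reserved-port limit are assumptions made for illustration.

```python
import ipaddress

RESERVED_PORT_LIMIT = 1024  # assumption: lower ports are refused as data targets


def parse_port_argument(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port).

    Raises ValueError when the argument is malformed.
    """
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isdigit() for p in parts):
        raise ValueError("PORT needs six comma-separated decimal numbers")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("each PORT field must be 0-255")
    host = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    # The last two fields are the high and low byte of the TCP port.
    return host, nums[4] * 256 + nums[5]


def check_port_command(arg, control_peer):
    """Return (accepted, reason) for a PORT argument received on a control
    connection whose TCP peer address is control_peer."""
    try:
        host, port = parse_port_argument(arg)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    if port < RESERVED_PORT_LIMIT:
        return False, f"data port {port} is in the reserved range"
    peer = ipaddress.IPv4Address(control_peer)
    if host != peer:
        note = " (private address, client is behind NAT)" if host.is_private else ""
        return False, f"PORT names {host}:{port} but control peer is {peer}{note}"
    return True, f"data connection to {host}:{port} allowed"


if __name__ == "__main__":
    # First pair uses the values from the post: the client announces its
    # internal address while the server sees the gateway 1.2.3.4 as the peer.
    # The other two pairs are constructed for comparison.
    samples = [("172,16,5,239,15,188", "1.2.3.4"),
               ("1,2,3,4,15,188", "1.2.3.4"),
               ("1,2,3,4,0,21", "1.2.3.4")]
    for arg, peer in samples:
        print(arg, "from", peer, "->", check_port_command(arg, peer))
```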

I’ve set up vsftpd on my Ubuntu 16.04 using this tutorial.

I can connect to server using FileZilla but not through PhpStorm. It issues this error when I try to upload a file to server:

Failed to transfer file ‘C:\xampp\htdocs\sherkat\artisan.php’: cant open output connection for file "ftps://SERVER-IP/artisan.php". Reason: "500 Illegal PORT command.".

What’s wrong with my config?

1 Answer

The FTP protocol supports two modes for the data connection. In the traditional mode, called "active" (which is the default), on each command sent by the client the server creates a connection back to the client and uses it to send the response. This is impossible on most setups nowadays (actually, in the past 20+ years) because of firewalls.

There is another mode, called "passive", where the data connection for the response is also initiated by the client. It works through firewalls without problems.

Press the "Advanced options..." button, check the "Passive mode" option and you’re good to go!

As a side note, a better way is to use the SFTP protocol. If you can connect through SSH to your Ubuntu box, most probably you can also use SFTP to transfer files to it, without any other setup. FTP is an old and convoluted protocol. SFTP uses a secure connection (maybe it’s not that important for you), and a simpler protocol.

I was practicing ftp but faced an issue: the ls command isn’t working on ftp>. Why? I checked on 2 remote servers but ls didn’t work on either and gave different output when ls was executed. Please see below for the 2 remote boxes.

The below shows my remote server where I installed vsftpd today.

The below is for a different remote machine where I have to send some files. But as ls on ftp> isn’t working, how will I transfer files from my local box to that box? Without ls I can’t confirm whether the files have been transferred or not.

Please note that for the above machine, once I ran ls on ftp>, the prompt didn’t come back.

On both remote machines, I got different output when I executed ls on ftp>.

2 Answers

FTP is an ancient protocol. It relies on two TCP connections: a control connection over which commands are exchanged, and data connections for the content of files and also for the output of commands such as ls. What’s happening here is that the control connection is established, but the data connections aren’t going through.

By default (active mode), data connections are established from the sender to the receiver. For the output of ls, the data is sent by the server, so the server attempts to open a connection to the client. This worked well when FTP was invented, but nowadays, clients are often behind a firewall or NAT which may or may not support active FTP. Switch to passive mode, where the client always initiates the data connection.

Check the manual of your ftp command to see how to switch to passive mode by default. For a one-time thing, typing the command passive usually does the trick.

You may wish to switch to a nicer FTP client such as ncftp or lftp.

Full Complete solution for "ftp 500 Illegal PORT command". Click the following link: http://www.ucodice.com/articles/ftp-500-illegal-port-command/.

Excerpt

Trying to connect the ftp server & getting 500 Illegal port command. This issue may occur when ftp program is not configured for Passive mode.

You may get error snippet such as:

To resolve this issue you can define the port or ftp in configuration file of ftp server & define the IP Address or PASV server.

Check the configuration file for below settings.

After that restart the ftp service & check the ftp connection.