FTP server: PORT command not supported??

Question

Level 1

0 points

FTP server: PORT command not supported??

Hi,

In a nutshell - we are trying to set up PASV -- PORT connection between a Tiger server (10.4.11) and another system (say it's a windows FTP server). Issuing a PORT command to a Tiger FTP server fails with this error:

-> PORT 192,168,11,3,199,158
<- 500 Invalid PORT command

I have done some research on the web and as far as I can see - this is just a feature that is disabled in Mac OS X ftp server.

What's strange is that "features" command states that PORT is supported.

Has anyone seen PORT command work for a Tiger Server ftp daemon?

Has anyone succeeded enabling this command on a Tiger server?

Can you recommend another FTP server that works well on a Tiger server?

Thanks a million,

Darius

Different on different projects, Mac OS X (10.4.11)

Posted on Dec 14, 2007 2:15 AM

Reply

Answer 1

Dec 16, 2007 10:25 AM in response to madutis

Hi

Can you recommend another FTP server that works well on a Tiger server? <</div>

RumpusFTP Server: http://www.maxum.com/Rumpus.

Worked well on Server versions prior to 10.4 and will probably work on 10.5 Server too.

Hope this helps, Tony

Reply

Answer 2

MrHoffman

Level 10

146,443 points

Dec 16, 2007 11:07 AM in response to madutis

Passive (PASV) and Port (PORT) mechanisms are orthagonal.

If you're working with PORT, then you're almost certainly trying to clear through one or more firewalls. And a firewall can also trigger the Illegal Port Command error for a PORT command.

(Though I don't see a PORT command in the Mac OS X ftp client. I've checked a couple of clients, and it isn't common to expose it.)

ftp is a mess. Insecure, difficult to configure, insecure, firewall unfriendly, insecure, and slow. And did I mention insecure?

(No, I'm not a big fan of ftp.)

Some reading material:
http://www.cert.org/techtips/ftp_portattacks.html
http://www.slacksite.com/other/ftp.html
http://cr.yp.to/ftp/security.html

As for a suggestion, chuck ftp and switch to sftp.

Reply

Answer 3

madutis Author

Level 1

0 points

Dec 16, 2007 12:14 PM in response to MrHoffman

Hi,

Thanks for an opinion, you'll be surprised I'm not a big fan of ftp either. 🙂

In this case, my client is setting up a TV automation solution where they stream video content between a Tiger Server shared Xsan volume and a videoserver. There's not a big choice of protocols both systems support so they need FTP.

There is no firewall in this setup, this network does not have a connection to the outside, so security is not a big issue.

The main concern is that PORT command on Tiger Server FTP daemon is just not supported. We are testing "literal port aa,bb,cc,dd,x1,x2" from PC client or "quote port aa,bb,cc,dd,x1,x2" from Os X client (even on this same machine), they both respond with 500 Incorrect PORT command error.

Regards,
Darius

Reply