FTP Server: PASV / Illegal PORT Command Issues
Hi,
I'm hoping someone can shed some light on this.
We have an iMac running 10.6.6 server with the FTP service running. Everything has worked fine for the last 6 months, including an office move (new IPs, etc) but suddenly in this last week, a lot of users (internal and external) are getting an "Illegal PORT Command" error when connecting.
The iMac is behind an Airport firewall with ports 20 and 21 forwarded to the server.
From what I've read the issue is a NAT related but I can figure out how to fix. The weird thing is that none of us here can think of any changes we've made on the server or Airport in the last week.
I've tried a mismatch of rules in the ftpaccess config file in /Library/FTPServer/Configuration/:
passive address external_ip 0.0.0.0/0
pasv-allow all 10.0.1.1/24
passive ports 10.0.1.1/24 54350 65535
with no success.
Debug from transmit when connecting:
Transmit 4.1.5 (x86_64) Session Transcript [Version 10.6.6 (Build 10J567)] (11-02-24 2:10 PM)
LibNcFTP 3.2.3 (July 23, 2009) compiled for UNIX
220: server.private FTP server ready.
Connected to domain_name
Cmd: USER username
331: Password required for username.
Cmd: PASS xxxxxxxx
230: User username logged in.
Cmd: TYPE A
200: Type set to A.
Logged in to domain_name as username.
Cmd: SYST
215: UNIX Type: L8 Version: BSD-199506
Cmd: FEAT
211: Supported features:
REST STREAM
ADAT
AUTH
CCC
CONF
ENC
MIC
PBSZ
PROT
MDTM
UTF8
SIZE
End
Cmd: OPTS UTF8 ON
200: UTF-8 encoding enabled
Cmd: PWD
257: "/" is current directory.
Cmd: PASV
425: Can't open passive connection: Can't assign requested address.
Passive mode refused.
Connection falling back to port (PORT) mode.
Cmd: PORT 10,0,1,6,250,79
500: Illegal PORT Command
Cmd: PORT 10,0,1,6,250,80
500: Illegal PORT Command
Cmd: PORT 10,0,1,6,250,81
500: Illegal PORT Command
Cmd: PORT 10,0,1,6,250,82
500: Illegal PORT Command
Disconnecting from server…
Cmd: QUIT
221: You have transferred 0 bytes in 0 files.
Total traffic for this session was 187 bytes in 0 transfers.
Thank you for using the FTP service on server.private.
Goodbye.
Anyone know what I can try?
Thanks.
Message was edited by: s-chilly
I'm hoping someone can shed some light on this.
We have an iMac running 10.6.6 server with the FTP service running. Everything has worked fine for the last 6 months, including an office move (new IPs, etc) but suddenly in this last week, a lot of users (internal and external) are getting an "Illegal PORT Command" error when connecting.
The iMac is behind an Airport firewall with ports 20 and 21 forwarded to the server.
From what I've read the issue is a NAT related but I can figure out how to fix. The weird thing is that none of us here can think of any changes we've made on the server or Airport in the last week.
I've tried a mismatch of rules in the ftpaccess config file in /Library/FTPServer/Configuration/:
passive address external_ip 0.0.0.0/0
pasv-allow all 10.0.1.1/24
passive ports 10.0.1.1/24 54350 65535
with no success.
Debug from transmit when connecting:
Transmit 4.1.5 (x86_64) Session Transcript [Version 10.6.6 (Build 10J567)] (11-02-24 2:10 PM)
LibNcFTP 3.2.3 (July 23, 2009) compiled for UNIX
220: server.private FTP server ready.
Connected to domain_name
Cmd: USER username
331: Password required for username.
Cmd: PASS xxxxxxxx
230: User username logged in.
Cmd: TYPE A
200: Type set to A.
Logged in to domain_name as username.
Cmd: SYST
215: UNIX Type: L8 Version: BSD-199506
Cmd: FEAT
211: Supported features:
REST STREAM
ADAT
AUTH
CCC
CONF
ENC
MIC
PBSZ
PROT
MDTM
UTF8
SIZE
End
Cmd: OPTS UTF8 ON
200: UTF-8 encoding enabled
Cmd: PWD
257: "/" is current directory.
Cmd: PASV
425: Can't open passive connection: Can't assign requested address.
Passive mode refused.
Connection falling back to port (PORT) mode.
Cmd: PORT 10,0,1,6,250,79
500: Illegal PORT Command
Cmd: PORT 10,0,1,6,250,80
500: Illegal PORT Command
Cmd: PORT 10,0,1,6,250,81
500: Illegal PORT Command
Cmd: PORT 10,0,1,6,250,82
500: Illegal PORT Command
Disconnecting from server…
Cmd: QUIT
221: You have transferred 0 bytes in 0 files.
Total traffic for this session was 187 bytes in 0 transfers.
Thank you for using the FTP service on server.private.
Goodbye.
Anyone know what I can try?
Thanks.
Message was edited by: s-chilly
MBP 15" 2.5Ghz, Mac OS X (10.6.6)