[Gllug] Problem with VSFTP

Joel Bernstein joel at fysh.org
Tue Dec 9 11:10:03 UTC 2008


Hi Hakuna

2008/12/9 Hakuna Matata <narender.hooda at gmail.com>:
> I am able to access the ftp on internal interface
> successfully but while accessing it via public facing IP/interface I
> am getting the below error.
>
> 230 Login successful.
> ftp> ls
> 500 Illegal PORT command.
> 425 Use PORT or PASV first.

Looks like it's not setting up the ftp-data connection, presumably a
firewall issue.
You may need to use passive mode, as it suggests.

> I have a Cisco PIX firewall between public IP and outside world.

Oh then it's probably got "fixup protocol ftp" somewhere in its
config. PIXes have a very limited and broken application-level
firewall/proxy for SMTP, FTP, H.323 etc. Chances are it's proxying and
munging your FTP traffic. If you have access to the firewall, consider
whether "no fixup protocol ftp" is more appropriate. A modern ftpd is
likely to have better ftp security/access-control features than a PIX
anyway.

/joel
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
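
Added example (not part of the original message, and not vsftpd's or the PIX's own code): a sketch of how a server can end up answering `500 Illegal PORT command.` when NAT or a rewriting firewall sits in the path. It assumes a server that refuses a PORT whose address differs from the control connection's peer or whose port is below 1024; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def parse_port_arg(arg):
    """Decode the RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2'."""
    parts = [p.strip() for p in arg.split(",")]
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("expected six comma-separated decimal fields")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("field outside 0-255")
    # First four fields are the IPv4 octets, last two the port (high, low byte).
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]

def check_port(arg, control_peer):
    """Return (accepted, reason) for a PORT argument.

    control_peer is the source address the server sees on the control
    connection. The acceptance policy is an assumption: the data address
    must equal that peer and the port must not be reserved.
    """
    try:
        ip, port = parse_port_arg(arg)
    except ValueError as exc:
        return False, f"malformed PORT: {exc}"
    peer = ipaddress.IPv4Address(control_peer)
    if port < 1024:
        return False, f"reserved data port {port}"
    if ip != peer:
        # is_private covers RFC 1918 and other non-global ranges.
        hint = " (private address leaked through NAT)" if ip.is_private else ""
        return False, f"PORT names {ip} but control peer is {peer}{hint}"
    return True, f"data connection to {ip}:{port}"

if __name__ == "__main__":
    # Constructed sample values: the server sees the client as 203.0.113.10.
    samples = (
        "192,168,1,50,195,80",   # client advertised its internal address
        "203,0,113,10,195,80",   # address matches the control peer
        "203,0,113,10,0,21",     # reserved port
    )
    for arg in samples:
        print(arg, "->", check_port(arg, "203.0.113.10"))
```

Passive mode avoids this check altogether because the client opens the data connection, so no client address is carried inside the command.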



