Question
Friday, October 30, 2015 10:07 PM
Hi.
I am trying to use the cmd ftp functionality to connect from a VM (Windows 2008R2) in Azure to a remote ftp host.
I can authenticate with the remote host, and as soon as I issue the ls command, the following message is displayed: "ftp 500 illegal port command rejected".
I can easily use WinSCP on the same VM, connect to the remote host and do all I need to do, no issue.
Can anybody please help me understand why cmd ftp returns this error and what I should do to correct it?
Thank you very much.
All replies (3)
Thursday, December 10, 2015 7:49 AM ✅Answered
I know my answer is a bit late but it may still be helpful for you or some.
So what you could do is try Passive FTP. This way you don't have to open a gazillion ports.
Also you should consider using a more secure Protocol than plain FTP.
You can do that with Tools like Filezilla (filezilla-project.org) or SysaxServer (sysax.com).
Saturday, October 31, 2015 1:22 PM
Hi,
Thanks for posting here.
After a client initiates an FTP session, the server establishes a new back connection to the client. This connection extends from the server (outside the firewall boundaries) to a dynamically allocated port number on the client computer. Because the port number is not known in advance, old packet filters open the entire range of high-numbered ports (greater than 1023) for incoming connections. This reconnection at a higher port is done with the following FTP command:
port h4, h4, h4, h4, p1, p2
The values of h4 through h4 are octets of the client IP address. The last two values of p1, and p2 are used to determine the port. The following formula is for p1, and p2:
p1 X 256 + p2 = port
Resolution:
If the Firewall Network Address Translation (NAT) does not correctly change this IP address (h4 through h4), the server generates the error message (noted in the "Symptoms" section of this article) on the command.
This problem is more likely to manifest when the FTP server changes from listening on port 21 to another, higher port.
Girish Prajwal
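The PORT encoding and the NAT mismatch described in the reply above, as an added example that is not part of the original thread: it decodes a PORT command and applies the address check a server makes before connecting back. The addresses are constructed samples, and the rejection of ports at or below 1023 is an assumed server policy, not something stated in the thread.

```python
import ipaddress
import re

# "PORT" followed by six comma-separated decimal fields: four address octets, then p1, p2.
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:\s*,\s*\d{1,3}){5})$", re.IGNORECASE)


def parse_port_command(line):
    """Decode an FTP PORT command line into (IPv4Address, port)."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a well-formed PORT command")
    fields = [int(f) for f in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("every field must be in the range 0-255")
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]  # p1 x 256 + p2 = port
    return ip, port


def check_port_command(line, control_peer_ip):
    """Return (accepted, reason) the way a strict server would judge the command.

    control_peer_ip is the source address the server sees on the control
    connection, i.e. the client's address after any NAT.
    """
    ip, port = parse_port_command(line)
    peer = ipaddress.IPv4Address(control_peer_ip)
    if ip != peer:
        # The client advertised an address the NAT device did not rewrite.
        return False, f"advertised {ip}, control connection comes from {peer}"
    if port <= 1023:
        # Assumed policy: refuse to connect back to well-known ports.
        return False, f"port {port} is not a high-numbered port"
    return True, f"server would connect back to {ip}:{port}"


if __name__ == "__main__":
    # Constructed sample: a VM with private address 10.0.0.4 whose traffic
    # leaves through a NAT public address of 203.0.113.10.
    for cmd in ("PORT 10,0,0,4,195,80", "PORT 203,0,113,10,195,80"):
        print(cmd, "->", check_port_command(cmd, "203.0.113.10"))
```

The first sample is rejected because the private address inside the command never matches what the server sees; passive mode avoids the check entirely because the client opens the data connection itself.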
Saturday, October 31, 2015 6:48 PM
Hi, Girish.
Thank you for the reply.
Is there any way I can sort this out in an Azure VM? The thing is I understand what the issue is, but I cannot open an endless number of endpoints (ports)...
It seems that the remote ftp host's passive port range is quite wide..
Thank you in advance for your help.