illegal port command

Mikepoison · Post by *Mikepoison » 2004-05-14, 07:05 UTC

When using the FTP service in total commander most of my connects die when the PORT command is issued, with the response "illegal port command'". I'm not entirely sure what this means, as ftp programs like flashfxp don't seem to cause this error...

TYPE A
200 Type set to A.
PORT 10,0,0,150,8,100
500 Illegal PORT Command

Aside from the fact that other FTP programs I'm trying do not issue the port command and work fine, this seems to be a malformed port command, as the FTP RFC states the syntax is [PORT <SP> <host-port> <CRLF>], which would come down to [PORT 10,0,0,15,xxxxx] followed by a control-f. Does anyone know how to make total commander skip sending a PORT command, or make it send a proper one instead?

Mike Kamermans

Clo · Post by *Clo » 2004-05-14, 07:18 UTC

2Mikepoison

Hello !
• Did you try "Passive mode" ?

KR
Claude
Clo

Mikepoison · Post by *Mikepoison » 2004-05-14, 20:38 UTC

PASV and PORT are two non-related ftp functions, and the PORT command is issued before the PASV command by total commander, which means turning it on or off has no effect (to make sure that was the case, I also tested this, and in both cases PORT is issued first, resulting in a

The issued PORT command is simply not well-formed in accordance to RFC959, at least not when interfacing with the clean install of windows 2000 on my system, behind a router with multiNAT turned on. Instead it leads to a "500 illegal PORT command" error message.

Since the PORT command is not strictly needed, I would like to know if it's possible to turn this off, or to manually format the PORT command so that it is well-formed in the eyes of FTP servers.

Mike

Clo · Post by *Clo » 2004-05-14, 21:56 UTC

2Mikepoison

Hi !

...and the PORT command is issued before the PASV command by total commander, ...

• PORT is not sent systematically by TC ! Please, see below a log for a connection at home without PORT:

Code: Select all

230 User charries logged in.
SYST
215 UNIX Type: L8
FEAT
211-Features:
 MDTM
 REST STREAM
 SIZE
211 End
CWD /pub/
250 CWD command successful.
Connect ok!
PWD
257 "/pub" is current directory.
Lire le répertoire
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (193,252,19,115,238,110)
LIST
150 Opening ASCII mode data connection for file list
....................

* You might send a complete log of that unsuccessful connection via email to the Author: supportATghislerDOTcom, in order he could parse it to find the cause.

* I don't think that it's possible to change the PORT command configuration by hand in TC.

Kind regards,
Claude
Clo

Post by *ghisler(Author) » 2004-05-17, 19:57 UTC

PORT 10,0,0,150,8,100

10.0.0.x is a private network which isn't routed over the Internet. I guess that you are behind a NAT router (network address translation). PORT mode only works with these routers if they have stateful packet inspection and support the FTP protocol. For example, my firewall does - it converts the internal address to the correct exteral address when it sees a PORT command in an FTP transfer. Most cheap boxes don't support it, though. You can use PASV mode in this case, but only if the server isn't behind a NAT router too...

berggreen · Post by *berggreen » 2004-08-12, 09:11 UTC

Is there a way to prevent TC sending the PORT command?

I cannot connect to my companys FTP server with TC BUT it works fine with FlashFXP!!! This proves that it IS possible to make FTP work behind a NAT router.

I have looked in the log files and the only difference seems to be that TC sends a (wrong) PORT command whereas FlashFXP doesn't.

I have tried to send a correct PORT command in the "Send commands" field in TC. Unfortunately this PORT command is sent before the wrong PORT command

Any suggestions are welcome.

Post by *ghisler(Author) » 2004-08-12, 18:32 UTC

The PORT command is only sent when the PASV command fails. So it seems that something is preventing TC from making the data connection.

berggreen · Post by *berggreen » 2004-08-13, 07:14 UTC

I agree that from the log file it seems that TC first tries a PASV command and then issues a PORT command.

The big question remains: How come it works in FlashFXP?
These are the commands sent by FlashFXP:

USER test
PASS (hidden)
SYST
REST 100
REST 0
PWD
TYPE A
PASV
LIST

Except for the REST commands which shouldn't make any difference it looks like the same commands issued by TC.

Could it be that the PASV command is completed successfully but TC somehow gets the returncode wrong?

Genghis86 · Post by *Genghis86 » 2004-08-15, 03:02 UTC

Routers only fix PORT commands on connections to port 21. It is possible you are connecting to :21 in FlashFXP, and a non-standard FTP port in TC.

Post by *ghisler(Author) » 2004-08-16, 16:24 UTC

How does the REPLY to the PASV command look like? Is the IP address reported the same as the IP of the server, or is it some internal network address, e.g. starting with 10. or 192.168?

Genghis86 · Post by *Genghis86 » 2004-08-17, 00:25 UTC

On my FTP server:

PASV
227 Entering Passive Mode (123,123,123,123,221,63).

221*256 + 63 being the port, and 123.123.123.123 being the IP address.
Usually the IP is the same as the server, but that not might be the case.
Sometimes poorly configured ftp servers that are behind NAT will echo their internal IP address instead (like 10.0.0.12 or 192.168.0.54). In that case, FlashFXP has "Server behind NAT/Masq/Non-Routable IP" option, which will disregard the IP given in PASV command and connect to the server of the IP.

berggreen · Post by *berggreen » 2004-08-17, 08:37 UTC

The reply to the PASV command is:

PASV
227 Entering Passive Mode (192,168,1,7,220,251).

This is the same for TC and FlashFXP. The IP address is the internal IP address of the server.

TC then goes on with this PORT command (even though the PASV command seems to be OK?):

PORT 192,168,0,115,4,113
200 Port command successful.

This IP address is the INTERNAL address of the client. It should be the external IP address or better yet: TC shouldn't end the PORT command at all.

berggreen · Post by *berggreen » 2004-08-17, 15:12 UTC

I just found a solution to my problem: The FTP server was set up to use a port range from 1024 to 65636 for passive mode connetions. However only a single port was opened through the firewall. This is the reason why the PASV command (almost) always failed.

So Genghis86 was right about "poorly configured FTP servers"

I'm glad that I can use TC again. Thanks for your patience

MacQ · Post by *MacQ » 2004-08-18, 08:23 UTC

Partly off-topic:

How can I move files over ftp in TC on the server. For example I can create directories and rename them, but I can't seem to move the directories in the same panel. When I try to copy the dirs from one panel to the other (same ftp) the transfer stops.

Help.

Post by *Hacker » 2004-08-18, 09:27 UTC

Shift-F6, prefix filename with "dirname/".

HTH
Roman

Total Commander