Opened on Sep 9, 2008 at 2:53:32 PM
#2566 closed defect (worksforme)
Illegal PORT command
| Reported by: | anonymous | Owned by: | dkocher |
|---|---|---|---|
| Priority: | normal | Milestone: | 3.2 |
| Component: | ftp-tls | Version: | 3.0.2 |
| Severity: | normal | Keywords: | |
| Cc: | | Architecture: | PPC |
| Platform: | Mac OS X 10.5 | | |
Description (last modified by dkocher)
I'm using Cyberduck to connect to a Freecom FSG-3 via FTP-SSL with TLS. The login works, but then there is an illegal PORT command. Cyberduck sends the IP address from the private network my laptop is logged in to. Here is the log file:

```
220 vsFTPd 2.0.5+ (ext.2) patched by Freecom - ready...
AUTH TLS
234 Proceed with negotiation.
PBSZ 0
200 PBSZ set to 0.
PROT P
200 PROT now Private.
USER *******
331 Please specify the password.
PASS ********
230 Login successful.
PWD
257 "/home"
NOOP
200 NOOP ok.
SYST
215 UNIX Type: L8
STAT /home/Medienserver
213-Status follows:
213 End of status
CWD /home/Medienserver
250 Directory successfully changed.
FEAT
211-Features:
 AUTH SSL
 AUTH TLS
 EPRT
 EPSV
 MDTM
 PASV
 UTF8
 PBSZ
 PROT
 REST STREAM
 SIZE
 TVFS
211 End
PASV
227 Entering Passive Mode (88,75,117,112,199,135)
PORT 192,168,0,239,229,141
500 Illegal PORT command.
PASV
227 Entering Passive Mode (88,75,117,112,228,19)
PORT 192,168,0,239,229,143
500 Illegal PORT command.
```
I'm pretty sure that this was working with an older version.
Change History (9)
comment:1 Changed on Mar 19, 2009 at 11:02:01 AM by dkocher
- Milestone 3.2 deleted
- Summary changed from FTP-SSL failure to Illegal PORT command
comment:2 Changed on Mar 19, 2009 at 11:02:38 AM by dkocher
- Description modified (diff)
comment:3 Changed on Mar 19, 2009 at 11:03:01 AM by dkocher
comment:4 Changed on Apr 22, 2009 at 10:12:27 AM by dkocher
- Milestone set to 3.2
- Resolution set to fixed
- Status changed from new to closed
comment:5 Changed on May 18, 2009 at 7:01:45 PM by raven
I am still experiencing the same problem with version 3.2 (4648). Cyberduck sends a PORT command with the wrong local (behind a NAT router) IP address when using SSL/TLS. Using unencrypted connections works fine, though.
This is the log file:
```
NOOP
200 NOOP command successful
TYPE I
200 Type set to I
PASV
227 Entering Passive Mode (78,47,115,23,172,113).
PORT 192,168,178,22,197,54
500 Illegal PORT command
```
comment:6 Changed on May 18, 2009 at 7:46:21 PM by raven
The problems from my last comment seem to be at least partly related to a broken firewall config on my server. Or rather: FTPS being a completely borked protocol, from a security standpoint (Passive FTP + TLS and stateful firewalling based on conntrack_ftp don't really mix, you have to manually open a range of ports for that in the firewall).
But still: Why is/was Cyberduck sending my local (NATted) IP to the server?
-David
comment:7 Changed on Jun 8, 2010 at 9:01:08 PM by adam@…
- Resolution fixed deleted
- Status changed from closed to reopened
This bug is still present in version 3.4.2 (5902). Passive mode is completely broken:
```
NOOP
200 Zzz...
TYPE I
200 TYPE is now 8-bit binary
PASV
227 Entering Passive Mode (174,132,19,132,241,78)
PORT 192,168,1,5,218,92
500 I won't open a connection to 192.168.1.5 (only to xxx.xxx.xxx.xxx)
```
(My IP address removed.)
comment:8 Changed on Jun 8, 2010 at 9:22:03 PM by adam@…
Actually, I may have been mistaken. It looks like the passive connection failed and I'm guessing Cyberduck fell back to trying active instead. (Though if that's the case, then it would be a good idea for Cyberduck to tell the user that that's what happened.)
comment:9 Changed on Jul 22, 2010 at 4:27:47 PM by dkocher
- Architecture set to PPC
- Platform set to Mac OS X 10.5
- Resolution set to worksforme
- Status changed from reopened to closed
Do you still have the issue with version 3.1?
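
The logs in this ticket all show the same sequence: a PASV reply offering a public address, then a PORT command carrying an RFC 1918 address that the server refuses. The Python below is an added example (not part of the ticket or of Cyberduck) that decodes both host-port fields, ties each PORT to the PASV offer before it, and models a server-side rule that the PORT target must equal the control connection's peer. That rule and the peer address 203.0.113.7 are assumptions for illustration; the sample lines are the log from comment:5.

```python
import ipaddress
import re

# Control-channel lines copied from comment:5 of this ticket.
SAMPLE_LOG = [
    "TYPE I",
    "200 Type set to I",
    "PASV",
    "227 Entering Passive Mode (78,47,115,23,172,113).",
    "PORT 192,168,178,22,197,54",
    "500 Illegal PORT command",
]
SEXTET = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")


def decode_hostport(text):
    """Decode the RFC 959 h1,h2,h3,h4,p1,p2 field into (IPv4Address, port)."""
    m = SEXTET.search(text)
    if m is None:
        raise ValueError(f"no host-port field in {text!r}")
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError(f"octet out of range in {text!r}")
    return ipaddress.IPv4Address(".".join(map(str, nums[:4]))), nums[4] * 256 + nums[5]


def port_allowed(port_arg, control_peer):
    """Assumed server policy: data target must be the control peer, on an unprivileged port."""
    addr, port = decode_hostport(port_arg)
    return addr == ipaddress.ip_address(control_peer) and port >= 1024


def audit(lines):
    """Report each PORT command, whether its address is private, and the preceding PASV offer."""
    findings, last_pasv = [], None
    for line in lines:
        if line.startswith("227 "):
            last_pasv = decode_hostport(line)
        elif line.upper().startswith("PORT "):
            addr, port = decode_hostport(line)
            findings.append({
                "port_target": f"{addr}:{port}",
                "private_address": addr.is_private,
                "pasv_offer": f"{last_pasv[0]}:{last_pasv[1]}" if last_pasv else None,
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
    # 203.0.113.7 is a constructed stand-in for the NAT router's public address.
    print(port_allowed("192,168,178,22,197,54", "203.0.113.7"))
```

A finding with `private_address` true and a non-empty `pasv_offer` matches the pattern guessed at in comment:8: the passive data connection did not come up and the client tried active mode from behind NAT. Under TLS a NAT helper cannot rewrite the PORT argument because the control channel is encrypted, which fits the report in comment:5 that unencrypted connections work.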