LinuxQuestions.org
Old 11-11-2007, 09:05 AM   #1
shorun
Member
 
Registered: Mar 2006
Location: belguim
Distribution: fedora, mandriva, suse
Posts: 148

Rep: Reputation: 15
vsftpd ls error: 500 Illegal port command ftp : bind : Address already in use


I've got a situation...

At my workplace, I'm trying to set up a fileserver using vsftpd on a Debian netinstall machine.

Locally everything works, but from any other location (e.g. my home) I cannot do "ls".

Something like this:
ftp> ls
500 illegal port command
ftp : bind : Address already in use

The port is set to 1028, ftp-data is set to 1027. Both forward (router NAT) to the correct system, and I've set up this:
pasv_min=1030
pasv_max=1035
All these ports are forwarded correctly, but still passive does not work (my server simply does not receive the passive connections if I do "netstat -a").

I've been looking everywhere, including on this forum, but I cannot find a (working) solution...

Basically, on the local LAN, everything works just fine.
But from the moment I have to pass the router, I cannot get a directory listing in any way...

I *think* the problem must be in the router somewhere. Is it possible that some routers cannot do NAT correctly? Or did I simply miss something?

I've also tried to copy the vsftpd.conf file to my private fileserver, and set up the NAT in my router just about the same way I did at my workplace, and then everything works fine....


If you need more information about this problem, simply ask
shorun@gmail.com
 
Old 11-11-2007, 10:49 AM   #2
bmarx
Member
 
Registered: Dec 2004
Distribution: Slackware, Arch, FreeBSD
Posts: 202

Rep: Reputation: 34
From your home, are you connecting passively to the ftp server? Are you running any sort of firewall on the server itself? What type of nat translation is the router doing (i.e. a 1-1 nat translation - ip nat inside source static <private> <public>, and are you specifying ports in that statement)?

I remember trying to solve a problem similar to this, and it was a router problem. The statements in the acl permitting the traffic were below an explicit deny ip any any statement on a cisco router.

You may want to try disabling the external firewall, or allowing all traffic to pass through your router temporarily to see if that solves your problem, then you will know whether or not it is an external router/firewall issue.

Also, see if some of the suggestions at http://www.linuxquestions.org/questi...-error-248586/ are of any help
 
Old 11-12-2007, 03:27 AM   #3
shorun
Member
 
Registered: Mar 2006
Location: belguim
Distribution: fedora, mandriva, suse
Posts: 148

Original Poster
Rep: Reputation: 15
Well, both passive and active connections fail.
I get the mentioned error with an active connection; with the passive connection he tries to initiate (the client) but the server never receives the request... (none of my logfiles show any passive connection (attempt) or anything having to do with this...)
I can however see the login in my logs.

I've set these rules in my vsftpd.conf:
tcp_wrappers=YES
listen_yes
local_enable=YES
anonymous_enable=YES
write_enable=YES
connect_from_port_20=NO
ftp_data_port=1027
ftp_listen_port=1028
pasv_enable=YES
pasv_min_port=1030
pasv_max_port=1035

In my router, ports 1027 to 1035 are forwarded to my local server.

Unfortunately, I do not entirely get what you mean with
Quote:
What type of nat translation is the router doing (i.e. a 1-1 nat translation - ip nat inside source static <private> <public>,
If you could please explain how I can tell if this is the case?

thnx for the quick reply anyway
 
Old 11-17-2007, 03:35 PM   #4
bmarx
Member
 
Registered: Dec 2004
Distribution: Slackware, Arch, FreeBSD
Posts: 202

Rep: Reputation: 34
Have you double checked the rules that are applied with the tcp_wrappers=YES option enabled? I think the best thing to try is to disable any sort of filtering when connecting from the outside to see where the problem is, i.e. turn off filtering on the router (or allow all ports to and from your server ip) and try to connect; if you get the same result, put it back on. Turn off filtering from iptables; if same result, put back on, etc. Then at least you can find out where exactly the problem is occurring.

When I say:

What type of nat translation is the router doing (i.e. a 1-1 nat translation - ip nat inside source static <private> <public>

I am mainly asking how is the nat translation being implemented. I guess this would be better to start off by asking what type of router you are using, as I am using cisco commands because this is what I am used to. You can specify nat translations to only occur when a specific port is being requested if you specify a tcp connection.
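
An added example, not part of the thread and not written by either poster: a small Python check of the address and port carried in a client's PORT command or a server's 227 passive reply, the two fields a NAT router between client and server can invalidate. The sample lines and addresses are constructed; the forwarded range 1030-1035 is the one given in the posts, and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 959 host-port field "h1,h2,h3,h4,p1,p2", used by PORT and by the 227 reply.
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 passive-mode reply."""
    m = HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def check_data_channel(line, control_addr, forwarded=None):
    """List reasons the advertised data endpoint will not survive NAT.

    control_addr: for PORT, the client address as the server sees it;
                  for 227, the address the client used to reach the server.
    forwarded:    optional (low, high) port range forwarded by the router.
    """
    ip, port = parse_hostport(line)
    problems = []
    if ip != control_addr:
        problems.append("address-mismatch")
    if any(ipaddress.ip_address(ip) in net for net in RFC1918):
        problems.append("private-address")
    if forwarded and not forwarded[0] <= port <= forwarded[1]:
        problems.append("port-not-forwarded")
    return ip, port, problems


if __name__ == "__main__":
    # Constructed sample lines; 198.51.100.9 and 203.0.113.7 are documentation addresses.
    samples = [
        ("PORT 192,168,1,20,4,12", "203.0.113.7", None),
        ("227 Entering Passive Mode (10,0,0,5,4,8)", "198.51.100.9", (1030, 1035)),
        ("227 Entering Passive Mode (198,51,100,9,4,8)", "198.51.100.9", (1030, 1035)),
    ]
    for line, addr, rng in samples:
        print(line, "->", check_data_channel(line, addr, rng))
```

The lines to feed it can be read from the client's debug output or from a packet capture of the control connection on either side of the router.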
 
  

