Old 03-22-2005, 01:21 PM   #1
LQ Newbie
Registered: Mar 2005
Posts: 5

Rep: Reputation: 0
iptables / FTP masquerading: Port command illegal

Hi Everyone,

I finally got my FTP server working on my Red Hat 9 Linux firewall box. For some reason, I could only get it to work on a port other than 21. I elected for port 29 and changed the /etc/services ftp entry and my firewall rules accordingly. For some reason, if I change back to 21, no response is sent by the ftp server to the SYN packet from the ftp client. If anyone has any ideas why it works on any other port than 21, please let me know.

Anyways, I got passive mode FTP to work on this box. However, active mode fails, and it complains:
ftp> dir
500 Illegal PORT command.
ftp: bind: Address already in use

When I look at the packets, I see the client sending a PORT command using its non-routable IP. This then passes through a firewall, and the source IP gets translated to a public IP. Then it hits my Linux firewall, vsftpd processes it and sends back that Illegal PORT response.

My firewall is using DHCP over my DSL connection. Hence I am using MASQUERADING in iptables:

modules in memory are:

ip_conntrack_ftp 5296 1 (autoclean)
ip_nat_ftp 4112 0 (unused)
iptable_mangle 2776 0 (autoclean) (unused)
tulip 43840 1
ipt_MASQUERADE 2200 1 (autoclean)
iptable_nat 21720 2 (autoclean) [ip_nat_ftp ipt_MASQUERADE]
ipt_state 1048 10 (autoclean)
ip_conntrack 26976 3 (autoclean) [ip_conntrack_ftp ip_nat_ftp ipt_MASQUERADE iptable_nat ipt_state]
iptable_filter 2412 1 (autoclean)
ip_tables 15096 7 [iptable_mangle ipt_MASQUERADE iptable_nat ipt_state iptable_filter]

Anybody know what's going on?

Thanks Gurus!
Old 03-23-2005, 05:15 PM   #2
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 377
it's weird that you can make it work on any port except 21...

are you sure there isn't another daemon using port 21??

