Fail to send PORT command in FTP with NAT


When you connect to FTP server with Microsoft ftp command line client (ftp.exe), you may get “500 Invalid PORT Command” error message after typing “dir” command.

Root Cause

This problem may happen when a NAT router is introduced in the network environment, and the FTP client is using Active mode.


When you type “dir” command in Microsoft ftp client tool, it will firstly send a “PORT” command to the FTP server. Please refer to the network trace.


Based on frame 268, we can know the client side IP address is, but in the “PORT” command, it specifies another IP address In fact, the physical IP address of the client side could be and the NAT device has translated it to In this situation, the “PORT” command will fail because the server side can’t connect back to the private IP( For more detailed information, please refer to


There are two alternatives for this issue.

1.       Use Passive mode FTP in the connection

2.       Configure on the NAT device, the method could be different with different NAT devices


Information About the IIS File Transmission Protocol (FTP) Service:

How to configure Internet Explorer to use both the FTP PORT mode and the FTP PASV mode in the Windows Server 2003 Family:

Network address translation:


ZhiXing Lv 


Skip to main content