Fail to send PORT command in FTP with NAT


Symptom

When you connect to an FTP server with the Microsoft command-line FTP client (ftp.exe), you may get a “500 Invalid PORT Command” error message after typing the “dir” command.

Root Cause

This problem may happen when a NAT router is introduced in the network environment, and the FTP client is using Active mode.

Analysis

When you type the “dir” command in the Microsoft FTP client, it first sends a “PORT” command to the FTP server. Please refer to the network trace.


[Figure: ftp1.png (network trace)]

Frame 268 shows that the client-side IP address is 202.45.131.196, but the “PORT” command specifies a different IP address, 192.168.1.22. In fact, the physical IP address of the client could be 192.168.1.22, and the NAT device has translated it to 202.45.131.196. In this situation the “PORT” command fails because the server can’t connect back to the private IP address (192.168.1.22). For more detailed information, please refer to:

http://www.enterprisedt.com/products/edtftpjssl/doc/manual/html/howtoftpthroughafilewall.html

Solution

There are two alternatives for this issue.

1. Use Passive mode FTP for the connection.

2. Configure the NAT device. The method differs from one NAT device to another.


Regards,

ZhiXing Lv 

 
