Active FTP is not supported in the Azure environment; the default Windows command-line client, Ftp.exe, also doesn't work in Azure. The command tends to initiate an Active connection and refers to the private IP of the client VM (VM Name LXX-XXX-C02, DIPs 10.XXX.XXX.11) while trying to initiate a connection to a public IP, and thus fails.

But with this new policy, I had to change the port. So I changed the services file in /etc/ and changed ftp port 21 to 40740. OK, it receives connections normally. It authenticates users nicely but keeps giving me this message when I type dir, for example:
[code]500 Illegal Port Command.
425 Use PORT or PASV first.[/code]
It works neat from my LAN anyway.
[code]500 Illegal PORT command.
425 Use PORT or PASV first.
500 Illegal PORT command.
2011-01-28 04:13:37.692 Could not retrieve directory listing.
2011-01-28 04:13:37.692 Retrieving directory.[/code]
I have PASV working like a champ. This is on Cent5.6 with vsftpd 2.0.5 installed via yum.
I'm configured for FTPS using only virtual accounts. The issue I'm trying to solve is a user is in a strict environment where he can't connect using PASV mode. We've seen in the past at least for plain FTP that active sometimes works so I'm trying to get active working.
Using Filezilla, it looks like as soon as it connects it switches to PASV mode to get the directory, even though I have the connection set to active. When I turn off PASV at the server, Filezilla can't get a directory. Looking at the VSFTPD log I see:
[code]FTP response: Client 'x.x.x.x', '200 Switching to Binary mode.'
'500 Illegal PORT command.'
'550 Permission denied.'[/code]
I know the permission denied is due to me turning off PASV mode. When it's on I see the same thing except instead of the 550, you see Filezilla switch to PASV to get the directory. Here's the .conf (redacted xxxxs are for IPs/directories/accounts/etc..)
[code]ssl_enable=YES[/code]
Am I missing something? I see no attempts to connect via 20 on my DMZ firewall. I've tried it with iptables and selinux off just to see if it was something like that..no joy. I've got the iptables entries anyway:
[code]iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT[/code]
Any ideas? Thanks.
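The following is an added example, not code from the posts above or from vsftpd's source. It models the server-side check behind `500 Illegal PORT command`: decode the PORT argument and compare the advertised address with the source address of the control connection, which is the check vsftpd applies while its `port_promiscuous` option is off. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

def parse_port_arg(arg):
    """Decode the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command (RFC 959)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError("PORT argument must be six decimal fields")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("each PORT field must be in 0..255")
    host = ipaddress.IPv4Address(bytes(nums[:4]))  # first four fields: IPv4 octets
    port = nums[4] * 256 + nums[5]                 # last two fields: high/low byte
    return host, port

def check_port_command(arg, control_peer):
    """Return (reply_code, reason) as a strict server would decide it.

    control_peer is the client address the server sees on the control
    connection (after any NAT). Assumption: the server refuses data
    connections to any other host and to ports below 1024.
    """
    try:
        host, port = parse_port_arg(arg)
    except ValueError as exc:
        return 500, "malformed argument: %s" % exc
    if host != ipaddress.IPv4Address(control_peer):
        return 500, "advertised %s but control connection is from %s" % (host, control_peer)
    if port < 1024:
        return 500, "advertised reserved port %d" % port
    return 200, "data connection to %s:%d allowed" % (host, port)

if __name__ == "__main__":
    # Constructed samples: a NATed client advertising its private address,
    # then the same client advertising the address the server actually sees.
    for arg in ("10,0,0,11,195,80", "203,0,113,7,195,80", "203,0,113,7,0,21"):
        print("PORT", arg, "->", check_port_command(arg, "203.0.113.7"))
```

With FTPS the control channel is encrypted, so a NAT device cannot rewrite the PORT argument in transit and the client's private address reaches the server unchanged. A PORT command rejected this way never leads to a data connection attempt, so nothing leaves the server from port 20.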