Re: Ftp Active and Passive

Adding more information about this issue.

If I configured the VIP to work with passive mode and i try to do a Active ftp connections , the ftp-server shows me the error " 500 Ilegal PORT Command " trying to send Data port to source public ip address.

And when i configured the VIP to work with Active ftp mode, the ftp-server logs show me the data port going to the private VIP ip address.

Example:

VIP working in passive MODE - Trying a Active Ftp connection

ftp]OKLOGN:Clent"",anonasswor"anonymous"

[][ft]FTresonse:Client"10.10.10.1","0Lognsuccessful." [][ft]FTcomman:Client"10.10.10.1","FEAT" [][ft]FTresonse:Client"10.10.10.1","-Features:" [][ft]FTresonse:Client"10.10.10.1","ERT??" [][ft]FTresonse:Client"10.10.10.1","ESV??" [][ft]FTresonse:Client"10.10.10.1","MTM??" [][ft]FTresonse:Client"10.10.10.1","ASV??" [][ft]FTresonse:Client"10.10.10.1","RESTSTREAM??" [][ft]FTresonse:Client"10.10.10.1","SZE??" [][ft]FTresonse:Client"10.10.10.1","TVFS??" [][ft]FTresonse:Client"10.10.10.1","UTF8??" [][ft]FTresonse:Client"10.10.10.1","En" [][ft]FTcomman:Client"10.10.10.1","W" [][ft]FTresonse:Client"10.10.10.1","57"/"" [][ft]FTcomman:Client"10.10.10.1","NOO" [][ft]FTresonse:Client"10.10.10.1","00NOOok." [][ft]FTcomman:Client"10.10.10.1","CW/" [][ft]FTresonse:Client"10.10.10.1","50rectorysuccessfullychange." [][ft]FTcomman:Client"10.10.10.1","FEAT" [][ft]FTresonse:Client"10.10.10.1","-Features:" [][ft]FTresonse:Client"10.10.10.1","ERT??" [][ft]FTresonse:Client"10.10.10.1","ESV??" [][ft]FTresonse:Client"10.10.10.1","MTM??" [][ft]FTresonse:Client"10.10.10.1","ASV??" [][ft]FTresonse:Client"10.10.10.1","RESTSTREAM??" [][ft]FTresonse:Client"10.10.10.1","SZE??" [][ft]FTresonse:Client"10.10.10.1","TVFS??" [][ft]FTresonse:Client"10.10.10.1","UTF8??" [][ft]FTresonse:Client"10.10.10.1","En" [][ft]FTcomman:Client"10.10.10.1","SYST" [][ft]FTresonse:Client"10.10.10.1","5UNXTye:L8" [][ft]FTcomman:Client"10.10.10.1","ORT9,xxx,xxx,xxx,,9" <--- CLIENT PUBLIC IP ADDRESS [][ft]FTresonse:Client"10.10.10.1","500llegalORTcomman."

10.10.10.1 <--- VIP internal ip

VIP working in Active MODE - Trying a Active Ftp connection

 [pid 3184] [ftp] FTP command: Client "10.10.10.1", "FEAT"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", "211-Features:"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " EPRT??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " EPSV??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " MDTM??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " PASV??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " REST STREAM??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " SIZE??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " TVFS??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " UTF8??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", "211 End"
[pid 3184] [ftp] FTP command: Client "10.10.10.1", "PWD"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", "257 "/""
[pid 3184] [ftp] FTP command: Client "10.10.10.1", "NOOP"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", "200 NOOP ok."
[pid 3184] [ftp] FTP command: Client "10.10.10.1", "CWD /"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", "250 Directory successfully changed."
[pid 3184] [ftp] FTP command: Client "10.10.10.1", "FEAT"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", "211-Features:"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " EPRT??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " EPSV??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " MDTM??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " PASV??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " REST STREAM??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " SIZE??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " TVFS??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", " UTF8??"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", "211 End"
[pid 3184] [ftp] FTP command: Client "10.10.10.1", "SYST"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", "2 UNIX Type: L8"
[pid 3184] [ftp] FTP command: Client "10.10.10.1", "PORT 10.10.10.1,140,117"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", "200 PORT command successful. Consider using PASV."
[pid 3184] [ftp] FTP command: Client "10.10.10.1", "LIST"
[pid 3184] [ftp] FTP response: Client "10.10.10.1", "0 Here comes the directory listing."
[pid 3184] [ftp] FTP response: Client "10.10.10.1", "226 Directory send OK."

Finally, if I configure the VIP to work in Active Mode, passive mode recieved a Reset in the connection.

IP 10.10.10.1 > xxx.xx.xx.xx.40021: Flags [R.], seq 331, ack 75, win 0, length 0 out slot1/tmm0 lis=/Common/passive

Forum Discussion

Re: Ftp Active and Passive

Recent Discussions

"Brighten Your Health: Vitamin Dee Me Gummies Now Available in South Africa"

Need help on CLI command to fetch < VIP Name + current connections >

Glycogen Control Australia Is Right For You See Here

APM combine check for ldap group plus IP ACL

Error in REST https call to get the Auth token v15.1.8

Related Content

Re: BigIP Report

Re activate license failed

Especial Load Balancing Active-Passive Scenario (I)

Especial Load Balancing Active-Passive Scenario (II)

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer