Now Trending
Problems with FTP PORT command on Linksys routers
Support

Problems with FTP PORT command on Linksys routers

Reader Ian Boyd contributed this info on how Linky can have problems with FTP if you don’t observe two key rules.

 

Summary
FTP client PORT commands must be:

1) UPPERCASE and

2) On the standard FTP port 21

in order to be automatically translated by a Linksys router.

Details
When clients behind the Linksys router try to FTP out on standard ports, the router does some behind the scenes manipulation of PORT commands – replacing the client machine’s LAN IP with the real internet IP. However I have realized (after much cursing and swearing) that the router will only translate PORT commands sent in UPPERCASE. I had at some point turned on the option in BulletProofFTP to use lowercase commands. The router was then no longer translating my PORT commands, and I was forced to use PASV mode, or was unable to FTP at all. Once I turned off the option to use lowercase, or moved to a client program that sends uppercase commands (LeechFTP), everything was fine.

Technical Background
As you communicate with the FTP server, you have a choice between using PORT of PASV (passive) modes. In port mode, your FTP client tells the server an IP and port that it should connect to you in order to do the next transfer. The problem is that IP the your client sends to the server is the computer’s IP on the internal LAN (i.e. 192.168.1.100).

> PORT 64,255,2,232,16,94 200 PORT command successful

The server then has to try to open a connection to that IP. That cannot happen, because 192.168.1.100 isn’t a valid internet IP. (In fact, some FTP servers will complain that the ip does not match the address that already has the control connection open – and will give a “500 – Illegal port command” error.)

> port 192,168,1,101,16,92 500 Illegal PORT command

Fortunatly, the Linksys router (with a high enough firmware version – I’m not sure which one) can watch for PORT commands, and will replace the mention of the internal LAN IP sent in the packet, and replace it with the real IP of the router on the internet. I assume that it also replaces the port specified by the client with one of its own available ports. Any subsequent packets arriving on that port (presumably from the FTP server) will be automatically forwarded to the client machine who initially sent out the PORT command.

> PORT 192.168.1.101,15,34 200 PORT command successful

In addition to this behavior being undocumented, it only works on the STANDARD FTP PORT 21. If you connect to an ftp server that is running on some other port, the router will not intercept and translate your PORT commands. In addition, the router seems to only translate PORT commands when the PORT command itself is sent in UPPERASE. If the command is in lowercase, then the router WILL NOT TRANSLATE THE PORT COMMAND, and pass it off unaltered to the FTP server.

See this page for a general (non Linksys specific) explanation of how FTP PASV mode works.

Networking
SW Proxy Servers
NAT SW (ICS, Sygate, etc)
NAT HW Routers
NAT HW & SW
Wireless
Other Problems
Secure LAN
Special Applications
Other Help
Tools
Avatar for Eric Geier
Eric Geier

Eric Geier is a freelance tech writer. He’s also the founder of NoWiresSecurity, providing a cloud-based Wi-Fi security service; Wi-Fi Surveyors, providing RF site surveying; and On Spot Techs, providing general IT services.

Related Posts