1

I am using a call to ftp.exe to upload a file to an FTP server.

This program has been running for many years and uploads to a number of servers, so far without problems.

After one of the receiver servers has been updated, uploads are no longer possible.

This is the command sequence:

open ftp.xxx.de
<user>
<pw>
>230 User logged in, proceed
cd upload
bin
put <filename>

and in response to this the server replies:

501 PORT IP is not the same as 10.100.244.5
150 File Status okay, about to open Connection

That is it, after this the connection is stuck and gets closed after a certain timeout period.

Funnily enough, a Google search for "PORT IP is not the same as" returns exactly one result, which explains that the IP seen by the server is different from the one expected.

Also, when using WinSCP, FileZilla or other FTP utility programs, the connection has no problem and does transfer files just fine.

So, why does this appear and how to solve it?

Martin Prikryl
Herbert

1 Answer

3

The ftp.exe uses an old-fashioned active mode command PORT, which requires the client to specify its IP address to which the FTP server needs to connect back to open a data transfer connection.

If you are behind a firewall or a NAT, the client may not know its external IP address and uses its local network address. This causes troubles. Either the server fails to connect back as it obviously cannot connect to the client's local network. Or the server rejects the PORT command straight away, if the specified IP address does not match the IP address, from which the FTP client connects to the server. This is a security measure as the difference may indicate a man-in-the-middle attack. Your server does the validation. Some servers might be configured to ignore the IP address specified in the PORT command and connect to a known IP address of the client.

Another way to solve this is, if the firewall/NAT can inspect the FTP traffic and seamlessly modify the IP address in the PORT command. This is obviously not happening.


You do not get the problem with WinSCP or FileZilla, as these clients default to the passive FTP mode, which does not have the problem. Also in the active mode these clients can be configured to use the external IP address. FileZilla also supports the modern EPRT command, that does not need to specify the IP address at all (the server uses the known IP address of the client).


See my article about active/passive FTP mode for details.


I do not think there's any way to make it work with the Windows ftp.exe. It neither supports the passive mode, nor can be configured to use the external IP address, nor supports the EPRT command.


So unless you can configure the FTP server not to do the check and connect to the known IP address of the client or configure your firewall/NAT to modify the IP address in the PORT command, you have to use another FTP client.

As you know that WinSCP works, see the guide for converting the Windows ftp.exe script to WinSCP script.

(I'm the author of WinSCP)

Community
Martin Prikryl
  • 1
    Hi Martin, first: thanks for the extensive answer and second an even BIGGER to BIGGEST thanks for giving us WinSCP ... – Herbert Aug 26 '15 at 16:08
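The server-side PORT validation described in the answer can be sketched as follows. This is an added example, not code from the original post or from any particular FTP server; the function names are hypothetical and the addresses are constructed sample values.

```python
import ipaddress


def parse_port_argument(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isdigit() for p in parts):
        raise ValueError("PORT argument must be six comma-separated numbers")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("each PORT field must be in the range 0-255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # high byte, low byte
    return ip, port


def check_port_command(arg, control_peer_ip, strict=True):
    """Decide how a server answers PORT (hypothetical helper).

    control_peer_ip is the source address of the control connection as
    the server sees it. Returns (reply_code, data_target); data_target
    is None when the command is refused.

    strict=True  : refuse an advertised address that differs from the
                   control-connection peer (the check in the question).
    strict=False : ignore the advertised address and connect back to
                   the known address of the client.
    """
    peer = ipaddress.IPv4Address(control_peer_ip)
    try:
        advertised, port = parse_port_argument(arg)
    except ValueError:
        return 501, None
    if advertised != peer and strict:
        return 501, None
    return 200, (str(peer), port)


if __name__ == "__main__":
    # Constructed sample: a client behind NAT advertises its local address
    # 192.168.1.20, while the server sees the control connection from 203.0.113.7.
    nat_client = "192,168,1,20,195,80"
    print(check_port_command(nat_client, "203.0.113.7", strict=True))
    print(check_port_command(nat_client, "203.0.113.7", strict=False))
    # A client that advertises its real external address passes the check.
    print(check_port_command("203,0,113,7,195,80", "203.0.113.7"))
```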