48

I ssh'ed to my Google Compute Engine VM and want to ftp to another server from there. It asked for my username and password, and I could log in without a problem. But when I do ls or get, I receive this error:

500 I won't open a connection to 10.240.XX.XX (only to XX.XX.XX.XX)
ftp: bind: Address already in use

That 10.240.XX.XX is my internal IP address I saw in ifconfig result.

How can I transfer files from another server using FTP? System: Debian7

4 Answers

86

You are using the active mode of FTP to connect to a server running Pure-FTPd. In the active mode, a server has to connect back to a client to open a data transfer connection (for file transfers or directory listing). For that, the client sends its IP address to the FTP server in the PORT command.

If the FTP server is outside of the GCE private network, it obviously cannot connect back to the client machine, as the machine is behind a firewall and NAT.

And actually, Pure-FTPd explicitly checks that the IP address in the PORT command matches the client IP address of the FTP control connection. It won't match if the client sends its internal IP address within the GCE network. In this case, the Pure-FTPd server rejects the transfer outright (without even trying to connect) with the error message you are getting:

I won't open a connection to ... (only to ...)

(where the first ... is the IP address provided by the client in the PORT command [the local address within the GCE private network], and the second ... is the external [NATed] IP address of the client, as known by the server).


Even if the client reported the external [NATed] address in the PORT command, it still won't work as the connection attempt won't get past the NAT and firewall.

For this reason, the passive FTP mode exists, in which the client connects to the server to open the data transfer connection. Actually, no one uses the active mode nowadays.

See (my article) FTP connection modes for details about the modes.

So, switch to the passive mode. How this is done is client-specific.

  • In most common *nix ftp command-line clients, use the -p command-line switch, though the passive mode is used by default anyway:

    -p Use passive mode for data transfers. Allows use of ftp in environments where a firewall prevents connections from the outside world back to the client machine. Requires that the ftp server support the PASV command. This is the default now for all clients (ftp and pftp) due to security concerns using the PORT transfer mode. The flag is kept for compatibility only and has no effect anymore.

  • Some clients also support passive command.

  • If you are on Windows, you cannot use the built-in command-line ftp.exe client, as it does not support the passive mode at all. You have to install a third-party client. See How to use passive FTP mode in Windows command prompt?

2
  • 4
    This was my problem too; apparently, not all Linux ftp clients use passive mode by default.
    – Mr Lister
    Commented Jun 9, 2015 at 18:52
  • 4
    Note for anyone on Windows who has this problem (I realise this question isn't about Windows, but I was and I arrived here by searching for "I won't open a connection to"): according to How to use passive FTP mode in Windows command prompt? and its answers, the native FTP client of Windows (even up to 10) does not support passive mode, so an alternative would be needed (answers to that question mention WinSCP).
    – TripeHound
    Commented Jul 11, 2018 at 7:02
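
The address check described in the answer above, as an added example that is not part of the original answer and is not Pure-FTPd's own code. It sketches how a client builds the PORT argument from its local (internal) address and how a server applying that check answers; the function names, the sample addresses and the 200/501 reply texts are constructed for illustration, and only the 500 message is taken from the question.

```python
import ipaddress


def format_port_arg(local_ip, port):
    """Client side: encode (ip, port) as the PORT argument h1,h2,h3,h4,p1,p2.

    An active-mode client uses the address of its own interface, which
    behind NAT is the internal address, not the one the server sees.
    """
    octets = str(ipaddress.IPv4Address(local_ip)).split(".")
    return ",".join(octets + [str(port // 256), str(port % 256)])


def parse_port_arg(arg):
    """Server side: decode 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    parts = [p.strip() for p in arg.split(",")]
    if len(parts) != 6 or not all(p.isdigit() for p in parts):
        raise ValueError("malformed PORT argument")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def handle_port(arg, control_peer):
    """Reply of a server that only accepts the control connection's peer IP.

    Refusing any other address also stops a client from pointing the
    server's data connection at a third host.
    """
    try:
        ip, _port = parse_port_arg(arg)
    except ValueError:
        return "501 Syntax error in PORT argument"  # constructed reply text
    peer = ipaddress.IPv4Address(control_peer)
    if ip != peer:
        # Message format as quoted in the question.
        return f"500 I won't open a connection to {ip} (only to {peer})"
    return "200 PORT command successful"  # constructed reply text


if __name__ == "__main__":
    # Constructed sample: internal VM address vs. NATed address seen by server.
    arg = format_port_arg("10.240.0.5", 50000)
    print("PORT", arg)
    print(handle_port(arg, "203.0.113.7"))
```
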
42

Enable your FTP with passive mode. If you have already connected, please type:

ftp> passive
Passive mode on.

You are currently using FTP in passive mode.

1
  • 3
    As a note - passive is a boolean that will toggle between passive mode and active mode in ftp. This can be confusing for those who haven't switched modes before. Commented Dec 18, 2015 at 17:41
1

If you use the WSL2 Linux subsystem in Windows 10: use pftp

-1

If you use PsPad editor and you have the same issue, try to set this configuration for your connection:

[screenshot]

8
  • 2
    What is "this configuration"? Please describe it in words, not just using a screenshot. Commented Jan 7, 2017 at 19:27
  • It's not just a screenshot as you see, I wrote that this is the way to set your connection to work, I had this problem and I did not find the solution anywhere, I found it today by myself and I wanted to help others not to waste their time like I did. Commented Jan 7, 2017 at 19:30
  • 2
    Are screenshots useful in answers? - "There is nothing wrong with posting a screenshot to show users how something works, so long as the screenshot is accompanied by textual information that explains the same thing in words" Commented Jan 7, 2017 at 19:35
  • 1
    Sure! Just write, "check the option XXX to make it work". There are a dozen options on the screenshot. How do we know what is the magical one? Commented Jan 7, 2017 at 19:39
  • 1
    I tried all of the options, I used SSL/TLS, Also the Prot P setting, I've checked MLDS with and without the show hidden file because some said that servers might have a problem with the hidden setting. I've checked the Prox Server also and the ones that are checked now. Finally I don't know why this configuration works, but this works and I also can't know for sure if there is a magical checkbox checked. I started with no checkboxes selected. (and I had the same issue at the beginning) Commented Jan 7, 2017 at 19:42
