Saturday, March 31, 2007

FTP Error, resolved, but not ideal

[Since the goal of the original version of my web log, [an error occurred . . . ], was to find/fix/learn from errors, I figured it would be hard for me to go wrong by writing a post that returned to that original formula.]

For months, I'd been using the command line FTP client on my OS X iBook to manage the files on my personal web space at Cox Communications. Then, all of a sudden, something changed and my command line FTP tool no longer worked. I could connect to the FTP server, but whenever I issued a command to list my files (i.e. ls), I would get the following message and wind up disconnected.

ftp> ls
500 Illegal EPRT command
200 PORT command successful

421 Service not available, remote server timed out. Connection closed

After spending several hours on failed troubleshooting attempts and fruitless Google searches, I finally wound up installing a graphical FTP client that was mysteriously able to make the connection without any problem. It was a short term workaround, but I wasn't happy with it. I don't want to use a GUI for my FTP needs; I like using the command line tool.

Months later, I think I've found a somewhat better fix, although it still has implications I'm not crazy about. I woke up early this morning and couldn't get back to sleep, so I Googled the "500 illegal EPRT command" error message. After browsing through numerous results, I eventually found this item that talked about using FTP over encrypted SSH connections. Although a lot of the article was over my head, I did manage to infer a few things, namely that the OS X firewall was preventing the connection from being properly made, and that the ipfw utility could be used to modify the firewall rules and resolve the problem.

So, I read the Unix man page on ipfw . . . and I honestly believe I felt a blood vessel in my brain explode. Maybe it's just too early and I haven't had enough caffeine, but I couldn't begin to keep all that info straight. At this point, I began to improvise a bit. Since I knew it was a firewall issue, I went into my iBook's Sharing pane in System Preferences. After a little trial and error, I discovered that if I started the FTP Service on my machine and then enabled the FTP ports through the Firewall, I was able to use my FTP command line tool again!

I still get a long delay and the Error 500 message with the first ls command issued, but it no longer disconnects me and all subsequent commands seem to respond without any delay. The downside, of course, is that I'm now running a service on my computer that allows remote connections to my computer, which someone could theoretically exploit. What I really need is a way to allow FTP ports through the Mac OS X firewall without running the FTP Service.

I suspect that's what ipfw will allow me to do. I'll go back and try reading the Unix man page again, but only after I get some espresso tea espresso in me.
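Added example (not part of the original post): a short Python reading of the error sequence quoted above. EPRT and PORT both tell the server which address and port on the client to connect back to for the data channel, so an accepted PORT followed by a 421 timeout points at that inbound connection being dropped. The trace below is constructed; its "--->" client lines, address and port are assumptions, and only the three server replies come from the post.

```python
import re

# Constructed control-channel trace (client lines marked "--->"). The server
# replies are the ones quoted in the post; address and port are made-up samples.
SAMPLE = """\
---> EPRT |1|192.168.1.20|49522|
500 Illegal EPRT command
---> PORT 192,168,1,20,193,114
200 PORT command successful
---> LIST
421 Service not available, remote server timed out. Connection closed
"""

def parse_port(arg):
    """RFC 959: PORT h1,h2,h3,h4,p1,p2 -> (host, port)."""
    n = [int(x) for x in arg.split(",")]
    if len(n) != 6 or not all(0 <= v <= 255 for v in n):
        raise ValueError("malformed PORT argument: " + arg)
    return ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]

def parse_eprt(arg):
    """RFC 2428: EPRT <d>net-prt<d>net-addr<d>tcp-port<d> -> (host, port)."""
    parts = arg.split(arg[0])  # the first character is the delimiter
    if len(parts) != 5 or parts[1] not in ("1", "2") or not parts[3].isdigit():
        raise ValueError("malformed EPRT argument: " + arg)
    return parts[2], int(parts[3])

def diagnose(trace):
    """Summarise which data-channel setup the client tried and how it ended."""
    result = {"rejected": [], "listener": None, "timed_out": False}
    pending = None  # (verb, listener) still waiting for the server's reply
    for line in trace.splitlines():
        m = re.match(r"---> (EPRT|PORT) (\S+)", line)
        if m:
            parse = parse_eprt if m.group(1) == "EPRT" else parse_port
            pending = (m.group(1), parse(m.group(2)))
        elif pending and line[:1] in ("4", "5"):
            result["rejected"].append(pending[0])
            pending = None
        elif pending and line.startswith("2"):
            result["listener"] = pending[1]
            pending = None
        elif line.startswith("421"):
            result["timed_out"] = True
    # Listener accepted, then 421: the server's connection back to the client
    # never completed, which is how a host firewall dropping inbound TCP looks.
    result["inbound_blocked"] = bool(result["listener"]) and result["timed_out"]
    return result
```

In passive mode (PASV/EPSV) the client opens the data connection outbound instead, so neither an inbound firewall exception nor a local FTP service is involved.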