ftp error: 500 invalid port connection

I am trying to access a ftp server . I am able to connect to it with the user name and password. However when i connect to the server and do a dir i get the following error. 

   

C:\Documents and Settings\Admin>ftp XXX.XXX.XXX.XXX
Connected to XXX.XXX.XXX.XXX
220 Microsoft FTP Service
User (XXX.XX.XXX.XXX:(none)): user-name
331 Password required for user-name
Password:
230 User user-name logged in.
ftp> dir
500 Invalid PORT Command.
150 Opening ASCII mode data connection for /bin/ls.

 

I got a fire wall running and i have opened port 21, The entry in the iptables is as follows .

 

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
 

Answer :

Passive ftp

A PORT command is again issued, but this time it is from the server to the client. The client connects to the server for data transfer. Since the connection is in the same sense as the original ftp connection,  passive ftp is inherently more secure than active ftp, but note that this time we know even less about the port numbers. Now we have a connection between almost arbitrary port numbers.

Enter the ip_conntrack_ftp module once more. Again, this module is able to recognize the PORT command and pick-out the port number. Instead of NEW in the state match for the OUTPUT chain, we can use RELATED. The following rules will suffice:

iptables -A INPUT     -p tcp --sport 1024: --dport 1024:  -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 1024:  -m state --state ESTABLISHED,RELATED -j ACCEPT

add the following to the kernel  

 

modprobe ip_nat_ftp

--