FTP problems "Illegal PORT command" and "Illegal seek"

Post by Branden Robinso » Sat, 04 Apr 1998 04:00:00



I've seen this question come up lots and lots of times, but no one ever
seems to follow up with an answer.  Here it is.

The problem is a bug in wu-ftpd.  It's not Linux-specific, either, as far
as I can tell.

wu-ftpd is too aggressive about rejecting PORT assignments to IP addresses
that don't match the one that issued the request.  When one attempts to
do a data transfer (directory listing or file transfer) to a host running
wu-ftpd from a host whose IP is masqueraded somehow, wu-ftpd says no and
echoes an error.

If you are:

1) Behind a security firewall of some sort
2) Using a proxy FTP server
3) Using SOCKS
4) Using ssh port redirection
5) Using slirp port redirection
6) Redirecting ports in any way, shape or form
7) Using some sort of IP address rewriting or masquerading

you're affected.  Because there are a heck of a lot of people who fall into
one of the above categories, I'd say this is a pretty serious bug in
wu-ftpd, especially given its popularity.

Interestingly, there have been cases where I've been able to use a wu-ftpd
server from behind my masqueraded dialup, but >95% of the time I can't.
Nevertheless I am confident that the bug is in wu-ftpd, because I've *only*
seen this behavior when connecting to wu-ftpd servers, and *only* when
doing so from behind a masqueraded IP connection.

Thanks to Donovan Kolbly for diagnosing this problem.

See <http://www.chiark.greenend.org.uk/debian/Bugs/db/13/13178.html> for his
analysis.

Now let's get on to the authors of wu-ftpd to fix this problem.  It could
either be patched to work better, or this checking could simply be
disabled.  There are far more legitimate users in the above seven
categories than crackers.

Permission is hereby granted to forward/crosspost this article anywhere it
may do some good.  I'd desperately like to see this bug fixed.

--
 "The errors of great men are venerable because they  | G. Branden Robinson
  are more fruitful than the truths of little men."   | Purdue University