500 Illegal Port Command in Docker Container

500 Illegal Port Command in Docker Container
January 25, 2016 Manuel Ortiz

Today’s Mozart Analytics’ BIT results from running an FTP Client from inside a Docker container.

Yesterday, I was implementing a simple RESTful Service for a client for uploading files from a local computer or an S3 endpoint, to a remote FTP Server using (obviously) an HTTP POST and a JSON Payload to identify the file among other things. To program it, I used Grails and its rest-api profile, together with the Apache Commons SDK’s FTPClient class as the Java client for uploading the files to the FTP Server.

After I finished coding it and made sure everything worked in my computer, I decided to deploy it to Amazon Elastic Beanstalk using the eb cli and Docker as the container or “Platform Configuration”. Therefore, to containerize my project with Docker, I created my Dockerfile and used our Grails Docker image. Everything worked flawlessly (login to FTP server, traversing directories) until the FTP upload began. It was at that moment that I received the 500 Illegal Port Command error.

I researched until I reached the end of the internet with no luck. I thought that the problem was with running my program inside a Docker container (because it worked perfectly on my computer outside of a container) so I focused my search on that. However, I was unable to find an answer that solved my issue. Then I remembered that most FTP Servers operate using PASSIVE transfer modes instead of ACTIVE (using only 1 port for all transfer). Maybe (I really had no idea) that was the real issue since it seems to me that, absent of any special configuration, containers using any kind of Debian or Ubuntu distribution as base image, will reserve port 21 and will not let custom clients use it. And I was right! I went to my FTP client code and added the enterLocalPassiveMode() one-liner after the connection:

That was all!! I tested it in my Elastic Beanstalk environment and the 500 error was gone and everything worked perfectly! So, if you are going to use an FTP client inside a Docker Container, make sure that it works using PASSIVE mode, because if not… good luck!

Loves beach and beer (specially Medalla). Software Engineer and Co-founder of Mozart Analytics, and award winning technology startup Citamed.net. Passionate about software engineering with strong knowledge and years of experience in cloud services and architecting for the cloud. Works as the CEO of Citamed.net in San Juan, Puerto Rico. Lives happily with his wife and dog.


Leave a reply

Your email address will not be published. Required fields are marked *