cURL
Haxx ad
libcurl

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-library Mailing List Archives

Re: FTP_IGNORE_PASSIV_IP [Virus Checked]

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Wed, 22 Sep 2004 15:46:59 -0700

On Wed, Sep 22, 2004 at 05:33:36PM -0400, ED_Hingsbergen_at_cisgi.com wrote:
> I encountered a problem connecting to an ftps host that was behind a NAT
> firewall. Here is my solution:
[...]
> The Solution:
> Instead of using the IP address from the "227 PASV" response, the client
> can use the IP address that it used for the control connection. This will
> be the public IP address of the host. [ I have been unable to find a
> situation in which the IP address in the PASV response should refer to a
> different host.] The command line option "--ftp-ignore-pasv-ip" causes the
> cURL command line client to use the port number from the PASV response, but
> to ignore the IP address, and use the IP address that was used for the
> control channel instead.
>
> (See attached file: FTP_IGNORE_PASSIVE_IP.diff)
>
>
> Comments welcome.

Even if this solution were to be used, the NAT firewall will not know which
TCP port to map to the internal host because it can't see the PASV response.
The remote client will attempt to connect to the control channel address,
but the port will be closed. How is the NAT firewall supposed to get this
information?

>>> Dan

-- 
http://www.MoveAnnouncer.com              The web change of address service
          Let webmasters know that your web site has moved
Received on 2004-09-23

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET