cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: FTP_IGNORE_PASSIV_IP [Virus Checked]

From: <ED_Hingsbergen_at_cisgi.com>
Date: Thu, 23 Sep 2004 08:50:04 -0400

One thing I perhaps did not make obvious enough - it is not my firewall
that is the problem, but the firewall at the host site of a vendor to whom
we wish to connect. Actually, I've seen the same situation with three
separate FTPS hosts, with the identical scenario, and this fix resolves it.
I don't know much about their firewall configuration, but know that they
restrict traffic by source IP address, I am assuming they allow any traffic
from our IP on the specified ports.
This is a commercial setting - the server in at least one of these cases is
a Sterling Commerce product (part of their "CONNECT" series), but the
problem clearly is not server-specific.
While configuring our connection to the first of these, I proposed that we
use curl as a client (rather than the cumbersome commercial, closed source
client they recommended). The IT staff at that site warned me that most
FTPS clients would have trouble, specifically because they could not ignore
the IP address passed in the passive response.

I can't imagine that this would not be a common problem with someone trying
to connect to a commercial FTPS server across the Internet.

Thanks!
Ed

                      "Gerd v. Egidy"
                      <lists_at_egidy.de> To: libcurl development <curl-library_at_cool.haxx.se>
                      Sent by: cc:
                      curl-library-bounces_at_c Subject: Re: FTP_IGNORE_PASSIV_IP [Virus Checked]
                      ool.haxx.se


                      09/23/2004 04:45 AM
                      Please respond to
                      libcurl development

> It works only if the NAT firewall is naively converting the IP addresses
of
> the traffic that goes through, without caring much for which ports that
are
> involved.
>
> Since Ed's patch works for him, his firewall must do something like that.

I think he is fixing the wrong problem. He should take care of his firewall

and not introduce a workaround into curl.

> On my end, I'm thinking: Is this a feature more people than Ed will ever
> find use for? Should we add this to libcurl?

I don't think this is a common problem.

Kind regards,

Gerd
Received on 2004-09-23

This message: [ Message body ]
Next message: Harshal Pradhan: "isspace() usage in cookie.c"
Previous message: Daniel Stenberg: "Re: i receive the http server response messages, but my program coredump in data->set.fwrite"
Maybe in reply to: ED_Hingsbergen_at_cisgi.com: "FTP_IGNORE_PASSIV_IP [Virus Checked]"
Next in thread: Dan Fandrich: "Re: FTP_IGNORE_PASSIV_IP"
Reply: Dan Fandrich: "Re: FTP_IGNORE_PASSIV_IP"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]