One thing I perhaps did not make obvious enough - it is not my firewall
that is the problem, but the firewall at the host site of a vendor to whom
we wish to connect. Actually, I've seen the same situation with three
separate FTPS hosts, with the identical scenario, and this fix resolves it.
I don't know much about their firewall configuration, but know that they
restrict traffic by source IP address; I am assuming they allow any traffic
from our IP on the specified ports.
This is a commercial setting - the server in at least one of these cases is
a Sterling Commerce product (part of their "CONNECT" series), but the
problem clearly is not server-specific.
While configuring our connection to the first of these, I proposed that we
use curl as a client (rather than the cumbersome commercial, closed source
client they recommended). The IT staff at that site warned me that most
FTPS clients would have trouble, specifically because they could not ignore
the IP address passed in the passive response.
I can't imagine that this would not be a common problem with someone trying
to connect to a commercial FTPS server across the Internet.
"Gerd v. Egidy" <lists_at_egidy.de>
Sent by: curl-library-bounces_at_c
09/23/2004 04:45 AM
Please respond to
To: libcurl development <curl-library_at_cool.haxx.se>
cc:
Subject: Re: FTP_IGNORE_PASSIV_IP [Virus Checked]
> It works only if the NAT firewall is naively converting the IP addresses
> the traffic that goes through, without caring much for which ports that
> Since Ed's patch works for him, his firewall must do something like that.
I think he is fixing the wrong problem. He should take care of his firewall
and not introduce a workaround into curl.
> On my end, I'm thinking: Is this a feature more people than Ed will ever
> find use for? Should we add this to libcurl?
I don't think this is a common problem.
Received on 2004-09-23
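
The client behaviour discussed in this thread, ignoring the IP address passed in the passive (227) response and opening the data connection to the control connection's peer instead, shown as an added example that is not part of the original messages and is not curl's code. The function names, the `ignore_pasv_ip` parameter and the sample addresses are constructed for illustration.

```python
import re

# RFC 959 passive reply carries "h1,h2,h3,h4,p1,p2"; some servers omit the parentheses.
_PASV_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_pasv(reply):
    """Return the (ip, port) advertised in a 227 reply; raise ValueError if malformed."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 passive-mode reply")
    match = _PASV_TUPLE.search(reply[3:])
    if match is None:
        raise ValueError("no host/port tuple in reply")
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("port 0 is not connectable")
    return ".".join(str(n) for n in nums[:4]), port


def data_endpoint(reply, control_peer_ip, ignore_pasv_ip=True):
    """Choose where the data connection goes.

    Returns (ip, port, mismatch). With ignore_pasv_ip set, only the port is
    taken from the reply and the IP is the one the control connection already
    reached; mismatch reports that the server advertised a different address,
    which is worth logging.
    """
    advertised_ip, port = parse_pasv(reply)
    if ignore_pasv_ip:
        return control_peer_ip, port, advertised_ip != control_peer_ip
    return advertised_ip, port, False


if __name__ == "__main__":
    # Constructed sample: the server sits behind NAT and advertises its internal
    # address, while the client reached it at a public (documentation-range) IP.
    reply = "227 Entering Passive Mode (10,1,2,3,195,80)"
    print(data_endpoint(reply, "203.0.113.10"))          # uses the control peer
    print(data_endpoint(reply, "203.0.113.10", False))   # trusts the advertised IP
```
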