Serious issue with passive mode FTP
Posted: Sun May 27, 2007 12:03 pm
I'm trying out your nice Core FTP Server product, and I just found what seems to be a serious issue with passive mode (PASV) in normal FTP server instances.
In the server (domain) setup, you can only specify an IP for the server that is directly bound to the computer's network card. In my (and many other people's) case, I'm behind a NAT (port forwarding) firewall, and in this case the server won't start if I put the external IP of the firewall there (in the logs there will be a message "The socket binding to local port failed").
So, what is the problem then you might ask? Well, it means that no user will be able to do a passive mode FTP transfer to/from the server from the internet, because for all data connections the server will state its local IP (192.168.x.x), and the client will try to access this IP for the data connection, and fail (yes, I saw that you had a special hack for detecting this situation in your Core FTP LE client, but this is not standard FTP, and most clients won't do this, and I cannot force all my users to use your FTP client).
So, what most FTP server software products do is to add an option in the config for a "Passive mode server IP address", which will be the one that is stated in the PASV mode data transfers commands from the server to the client, and I really recommend you doing this too (if you don't have any other good solution to tell me about of course, do you?).
Eagerly awaiting your reply, thanks!
In the server (domain) setup, you can only specify an IP for the server that is directly bound to the computer's network card. In my (and many other people's) case, I'm behind a NAT (port forwarding) firewall, and in this case the server won't start if I put the external IP of the firewall there (in the logs there will be a message "The socket binding to local port failed").
So, what is the problem then you might ask? Well, it means that no user will be able to do a passive mode FTP transfer to/from the server from the internet, because for all data connections the server will state its local IP (192.168.x.x), and the client will try to access this IP for the data connection, and fail (yes, I saw that you had a special hack for detecting this situation in your Core FTP LE client, but this is not standard FTP, and most clients won't do this, and I cannot force all my users to use your FTP client).
So, what most FTP server software products do is to add an option in the config for a "Passive mode server IP address", which will be the one that is stated in the PASV mode data transfers commands from the server to the client, and I really recommend you doing this too (if you don't have any other good solution to tell me about of course, do you?).
Eagerly awaiting your reply, thanks!