Article delegate-en/4553 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4552@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: FTP extended passive mode issues
08 Sep 2009 08:12:06 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A4552@delegate-en.ML_> on 09/08/09(00:33:43)
you Sebastien Barbereau <pzaiqbdyi-ytjem447qmlr.ml@ml.delegate.org> wrote:
 |we are encountering a small problem when using delegated as ftp proxy
 |server for outgoing connections.
 |We want to disable the extended passive mode for the clients,

Why?

 |to do this
 |we are trying to use the noxcd as FTPCONF option.

FTPCONF=noxdc is to suppress "MODE XDC" which is used just between
two DeleGates.
Maybe you are mentioning about the "EPSV" command.

 |But it seems not to be working, or at least not to do what I thought.
 |Our clients still continue to try to use extended passive mode (which
 |brings up issues with the firewall).

Does the firewall not support or reject EPSV?
As far as I know EPSV is more firewall friendly than PASV.

 |The only difference is that the
 |proxy ftp banner does not advertise XDC anymore.

You can suppress both PASV and EPSV with FTPCONF="nopasv" but it will
not be desired behavior.  The enclosed patch adds a new switch

  FTPCONF="noepsv"

which disables the announcement of EPSV to the client's FEAT command.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

*** dist/src/delegate9.9.5-pre6/src/ftp.c	Fri Aug 21 03:56:25 2009
--- ./src/ftp.c	Tue Sep  8 17:02:20 2009
***************
*** 71,76 ****
--- 71,77 ----
  	int	fc_chokedata;
  	int	fc_noxdcSV;	/* don't use XDC with server */
  	int	fc_noxdcCL;
+ 	int	fc_noepsvCL;
  	int	fc_nopasvSV;	/* don't use PASV with server */
  	int	fc_nopasvCL;
  	int	fc_noportSV;
***************
*** 378,383 ****
--- 379,387 ----
  	if( strcaseeq(what,"CHOKEDATA") ){
  		FCF.fc_chokedata = atoi(val);
  	}else
+ 	if( strcaseeq(what,"NOEPSV") ){
+ 		if( *val == 0 || strcaseeq(val,"cl") ) FCF.fc_noepsvCL = 1;
+ 	}else
  	if( strcaseeq(what,"NOPASV") ){
  		if( *val == 0 || strcaseeq(val,"sv") ) FCF.fc_nopasvSV = 1;
  		if( *val == 0 || strcaseeq(val,"cl") ) FCF.fc_nopasvCL = 1;
***************
*** 2182,2187 ****
--- 2186,2192 ----
  	}
  	fprintf(tc," SIZE\r\n");
  	if( !FCF.fc_nopasvCL )
+ 	if( !FCF.fc_noepsvCL )
  		fprintf(tc," EPSV\r\n");
  	if( !FCF.fc_noportCL )
  		fprintf(tc," EPRT\r\n");

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V