Article delegate-en/4555 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4554@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: FTP extended passive mode issues
09 Sep 2009 10:28:04 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A4554@delegate-en.ML_> on 09/08/09(17:35:22)
you Sebastien Barbereau <pzaiqbdyi-rcweveeez7tr.ml@ml.delegate.org> wrote:
 |Concerning the 'why' we want to disable the  EPSV (you ar right it's not
 |the xdc but extended passive):
 |Our proxy sits on a dedicated DMZ of our firewall. For some reasons the
 |firewall doesn't seem to interpret the EPSV command in some
 |circumstances. In other words:
 |- from proxy to internet EPSV works
 |- from hosts on a different network as the proxy via the ftp-proxy (and
 |through the firewall): doesnt work. I can event see the packets of the
 |extended connection being rejected by the firewall.
 |This makes me think that the firewall has a problem to handle the EPSV
 |command parameters when they come from the proxy. The most obvious and
 |immediate change for me is to disable EPSV at the proxy level for the
 |clients. (In a second phase trying to get the FW vendor to acknowledge
 |the problem and solve it).

I see.

 |I can confirm that nopasv:cl does solve the problem but I didnt yet had
 |a chance to test your patch.  I will do so as soon as possible.

I uploaded 9.9.5-pre7 including the patch for FTPCONF="noepsv:cl".

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V