Posted to ftpserver-dev@incubator.apache.org by "Clinton Foster (JIRA)" <ji...@apache.org> on 2007/04/23 18:26:15 UTC

[jira] Created: (FTPSERVER-83) Allow configuring IP address for PASV response

Allow configuring IP address for PASV response
----------------------------------------------

                 Key: FTPSERVER-83
                 URL: https://issues.apache.org/jira/browse/FTPSERVER-83
             Project: FtpServer
          Issue Type: Improvement
          Components: Core
            Reporter: Clinton Foster
            Priority: Minor


Currently there is no way to configure the IP address returned in response to the PASV command. The config.data-connection.passive.address parameter allows configuring the local network interface where data connections should be accepted. But if the server is behind a firewall, the address it returns to the client must be an external address, not a local address like 10.10.1.2.

The current code will only work with firewalls that are smart enough to sniff the control connection and automatically rewrite the correct external address in PASV responses. But it won't work if the control connection is running over SSL. To handle the SSL case (and the unsophisticated firewall case) a new configuration parameter is needed. I would suggest calling it config.data-connection.passive.external-address.

Ideally, the server should notice if the client's control connection came from a local address, and if so return the local address instead of the external address. This allows local clients to make passive data connections to the server even if the external address is not resolvable for them. JDK 1.4 provides methods on InetAddress for making this determination, such as isLinkLocalAddress().

I am going to attach a patch for the pre-MINA code base from early January (2007). When I update to the latest code base I can attach an updated patch if this patch hasn't been incorporated by that time.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
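
The address selection proposed in the issue above, as an added example (not part of the original post, the attached patch, or the FtpServer code base): local clients are given the bind address, everyone else the configured external address, and the result is formatted as an RFC 959 PASV reply. The class and method names, the external address 203.0.113.10, the client addresses and port 50000 are assumptions made for illustration. An address such as 10.10.1.2 is matched by InetAddress.isSiteLocalAddress(); isLinkLocalAddress() covers only 169.254.0.0/16 for IPv4.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

public class PasvAddressExample {

    /** True when the control connection came from loopback, link-local or private space. */
    static boolean isLocalClient(InetAddress client) {
        return client.isLoopbackAddress()
                || client.isLinkLocalAddress()   // 169.254.0.0/16
                || client.isSiteLocalAddress();  // 10/8, 172.16/12, 192.168/16
    }

    /** Local clients get the bind address; others get the external one when it is configured. */
    static InetAddress chooseAdvertised(InetAddress client, InetAddress bind, InetAddress external) {
        if (external == null || isLocalClient(client)) {
            return bind;
        }
        return external;
    }

    /** Formats "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"; PASV carries IPv4 only. */
    static String pasvReply(InetAddress advertised, int port) {
        byte[] a = advertised.getAddress();
        if (a.length != 4) {
            throw new IllegalArgumentException("PASV needs an IPv4 address");
        }
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("port out of range: " + port);
        }
        return String.format("227 Entering Passive Mode (%d,%d,%d,%d,%d,%d)",
                a[0] & 0xFF, a[1] & 0xFF, a[2] & 0xFF, a[3] & 0xFF,
                port >> 8, port & 0xFF);
    }

    public static void main(String[] args) throws UnknownHostException {
        // Literal IPs are parsed without a DNS lookup, so this runs offline.
        InetAddress bind = InetAddress.getByName("10.10.1.2");        // local address from the issue text
        InetAddress external = InetAddress.getByName("203.0.113.10"); // constructed (documentation range)
        String[] clients = {"10.10.1.50", "198.51.100.7"};            // constructed sample clients
        for (String c : clients) {
            InetAddress advertised = chooseAdvertised(InetAddress.getByName(c), bind, external);
            System.out.println(c + " -> " + pasvReply(advertised, 50000));
        }
    }
}
```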


Re: [jira] Updated: (FTPSERVER-83) Allow configuring IP address for PASV response

Posted by Niklas Gustavsson <ni...@protocol7.com>.
Hey Clinton,

I will have a look at this as soon as I can find the time, it's a very 
useful addition!

/niklas

Clinton Foster (JIRA) wrote:
>      [ https://issues.apache.org/jira/browse/FTPSERVER-83?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
> 
> Clinton Foster updated FTPSERVER-83:
> ------------------------------------
> 
>     Attachment: FTPSERVER-83_diffs.zip
> 
> These diffs are based on the pre-MINA code base from early January 07. I will provide updated diffs when I upgrade to the latest source code if these changes have not been incorporated into the code base by then.


[jira] Closed: (FTPSERVER-83) Allow configuring IP address for PASV response

Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/FTPSERVER-83?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Niklas Gustavsson closed FTPSERVER-83.
--------------------------------------

       Resolution: Fixed
    Fix Version/s: 1.0-M2
         Assignee: Niklas Gustavsson

commit -m "Implemented a configurable external passive address (FTPSERVER-83) as suggested by Clinton Foster" C:/home/niklas/workspaces/apache/ftpserver/ftplet-api/src/java/org/apache/ftpserver/ftplet/AuthenticationFailedException.java C:/home/niklas/workspaces/apache/ftpserver/ftplet-api/src/java/org/apache/ftpserver/ftplet/DataConnection.java C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/command/EPRT.java C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/command/EPSV.java C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/command/PASV.java C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/command/PORT.java C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/DataConnectionException.java C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/DefaultDataConnectionConfig.java C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/interfaces/DataConnectionConfig.java C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/IODataConnectionFactory.java C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/listener/mina/FtpRequestDecoder.java C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/ServerDataConnectionFactory.java C:/home/niklas/workspaces/apache/ftpserver/core/src/test/org/apache/ftpserver/clienttests/PasvAddressTest.java C:/home/niklas/workspaces/apache/ftpserver/core/src/test/org/apache/ftpserver/clienttests/PasvAddressWithHostnameTest.java C:/home/niklas/workspaces/apache/ftpserver/distribution/res/conf/ftpd.properties C:/home/niklas/workspaces/apache/ftpserver/distribution/res/conf/ftpd.xml
    Sending        C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/command/EPRT.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/command/EPSV.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/command/PASV.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/command/PORT.java
    Adding         C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/DataConnectionException.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/DefaultDataConnectionConfig.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/interfaces/DataConnectionConfig.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/IODataConnectionFactory.java
    Deleting       C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/listener/mina/FtpRequestDecoder.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/core/src/java/org/apache/ftpserver/ServerDataConnectionFactory.java
    Adding         C:/home/niklas/workspaces/apache/ftpserver/core/src/test/org/apache/ftpserver/clienttests/PasvAddressTest.java
    Adding         C:/home/niklas/workspaces/apache/ftpserver/core/src/test/org/apache/ftpserver/clienttests/PasvAddressWithHostnameTest.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/distribution/res/conf/ftpd.properties
    Sending        C:/home/niklas/workspaces/apache/ftpserver/distribution/res/conf/ftpd.xml
    Sending        C:/home/niklas/workspaces/apache/ftpserver/ftplet-api/src/java/org/apache/ftpserver/ftplet/AuthenticationFailedException.java
    Sending        C:/home/niklas/workspaces/apache/ftpserver/ftplet-api/src/java/org/apache/ftpserver/ftplet/DataConnection.java
    Transmitting file data ...
    Committed revision 535345.



[jira] Updated: (FTPSERVER-83) Allow configuring IP address for PASV response

Posted by "Clinton Foster (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/FTPSERVER-83?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Clinton Foster updated FTPSERVER-83:
------------------------------------

    Attachment: FTPSERVER-83_diffs.zip

These diffs are based on the pre-MINA code base from early January 07. I will provide updated diffs when I upgrade to the latest source code if these changes have not been incorporated into the code base by then.
