You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "M. Flatterie" <ni...@yahoo.com> on 2005/03/17 16:56:24 UTC
[users@httpd] mod_proxy_ftp and EPSV
Greetings,
I am using the IBM HTTP server (== apache 2.0.47.1) as
a proxy. I loaded the mod_proxy, mod_proxy_http,
mod_proxy_connect and mod_proxy_ftp. When I try to
proxy to an FTP site the following happens:
- if the FTP server does not support EPSV and uses
PASV, everything is fine
- if the FTP server supports EPSV, I get the port back
but then the connection to that port fails. Extracts
from the logs when trying ftp.redhat.com:
[Thu Mar 17 10:51:22 2005] [debug] proxy_ftp.c(193):
proxy: FTP: canonicalising URL //ftp.redhat.com/
[Thu Mar 17 10:51:22 2005] [debug] mod_proxy.c(459):
Trying to run scheme_handler
[Thu Mar 17 10:51:22 2005] [debug] proxy_http.c(1085):
proxy: HTTP: declining URL ftp://ftp.redhat.com/
[Thu Mar 17 10:51:22 2005] [debug] proxy_ftp.c(827):
proxy: FTP: serving URL ftp://ftp.redhat.com/
[Thu Mar 17 10:51:22 2005] [debug] proxy_ftp.c(920):
proxy: FTP: connecting ftp://ftp.redhat.com/ to
ftp.redhat.com:21
[Thu Mar 17 10:51:22 2005] [debug] proxy_ftp.c(998):
proxy: FTP: fam 2 socket created, trying to connect to
66.187.224.30:21 (ftp.redhat.com)...
[Thu Mar 17 10:51:22 2005] [debug] proxy_ftp.c(1048):
proxy: FTP: control connection complete
[Thu Mar 17 10:51:22 2005] [debug] proxy_ftp.c(669):
proxy:<FTP: 220 Red Hat FTP server ready. All
transfers are logged. (FTP)
[Thu Mar 17 10:51:22 2005] [debug] proxy_ftp.c(659):
proxy:>FTP: USER anonymous
[Thu Mar 17 10:51:22 2005] [debug] proxy_ftp.c(669):
proxy:<FTP: 331 Please specify the password.
[Thu Mar 17 10:51:22 2005] [debug] proxy_ftp.c(659):
proxy:>FTP: PASS ****
[Thu Mar 17 10:51:23 2005] [debug] proxy_ftp.c(669):
proxy:<FTP: 230 Login successful.
[Thu Mar 17 10:51:23 2005] [debug] proxy_ftp.c(659):
proxy:>FTP: EPSV
[Thu Mar 17 10:51:23 2005] [debug] proxy_ftp.c(669):
proxy:<FTP: 229 Entering Extended Passive Mode
(|||12539|)
[Thu Mar 17 10:51:23 2005] [debug] proxy_ftp.c(1278):
proxy: FTP: EPSV contacting remote host on port 12539
[Thu Mar 17 10:51:23 2005] [error] (79)Connection
refused: proxy: FTP: EPSV attempt to connect to
66.187.224.30:12539 failed - Firewall/NAT?
[Thu Mar 17 10:51:23 2005] [error] [client
10.80.111.35] proxy: connect to 66.187.224.30:12539
failed - firewall/NAT? returned by
ftp://ftp.redhat.com/
This is what I got from my research into this:
- if I do not proxy, the browsers use PASV and do not
try EPSV, so it works ok
- EPSV is new for IPv6. My network guy confirms that
we have some network devices that do not support IPv6
yet
- I could modify the code to mod_proxy_ftp to bypass
EPSV
- there does not seem to be a configuration directive
to force PASV only.
- google, FAQ and archives did not reveal anything.
If I'm the only one with this, I must be missing
something...?
So aside from bypassing it in the code, what else
could I do?
Thanks a lot for your comments,
Nic.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org