Re: FTP server passive mode behind firewall

Giganews Newsgroups
Subject: Re: FTP server passive mode behind firewall
Posted by:  J. Peter Mugaas (oma002…@mail.wvnet.edu)
Date: Tue, 17 Feb 2004

On Tue, 17 Feb 2004 16:23:23 -0500, Brian wrote:

> I've used several other free ftp server programs but only a few support
> using a different IP for passive transfer (that is, the actual public IP of
> the network the server is behind).  The actual IP my server runs on is
> 192.168.1.103 and of course that won't work on the internet.  Is there a way
> to tell indy what IP to use instead of it just using the local computer's
> IP?
>
> I think I can see in the source where it finds the IP to use, but I would
> rather not modify the source if I don't have to...
>
I have gone ahead and checked in that functionality for Indy 10 less than
an hour ago.  The event is OnPASV.  You can change the IP address in that
event as well as the port.  You will need all of the current Indy 10 code
from VCS.  It may be worth using because Indy 10's FTP server has quite a
number of advancements over Indy 9 although it may be break code based on
Indy 9's FTP server.  The FTP output is much better than Indy 9.0's, a
number of FTP clients are supported, some newer FTP commands have been
added (MLSD, MLST, FEAT, EPRT, EPSV, CPSV, SSCN, AUTH TLS, AUTH SSL, OPTS,
MDTM, MFMT, MFCT, MODE Z, PROT, COMB, XCRC), FTP Site to site transfers can
be better controlled for security, FTP with SSL (including using third
party vendor frameworks) is now supported (including secure FTP site to
site FTP transfers), deflate compression/depression support was added, IPv5
support has been added, and there's quite a few other nifty things.

I should post a few notes for you and our listening audience.

1) Do not change values in this event unless you have a compelling reason
to do so.  This event is only for those who have a compelling reason.
Even, it's a good idea to see if you really do have a compelling reason.  I
say that because many NAT's are aware of FTP will do appropriate fix-ups in
a transparent manner between the FTP client and the FTP server.
2) Changing the IP address will have no effect when using the SPSV and EPSV
commands in Indy 10.  The reason is that the IP address is never given as a
reply to those commands.  The server is presumed to be the same IP address
that the client is connecting to.

Trust me, you haven't seen a FTP server until you've seen this :-).

HTH.

--
J. Peter Mugaas - Indy Pit Crew
Internet Direct (Indy) Website -http://www.nevrona.com/Indy
Personal Home Page -http://www.wvnet.edu/~oma00215
If I want to do business with you, I will contact you.  Otherwise, do not
contact me.

Replies

In response to

FTP server passive mode behind firewall posted by Brian on Tue, 17 Feb 2004