Re: Passive mode FTP with router. Unable to transfer files

Giganews Newsgroups
Subject: Re: Passive mode FTP with router. Unable to transfer files
Posted by:  Remy Lebeau (TeamB) (
Date: Thu, 27 Oct 2005

"Gordon Kästner" <Gordon.Kaestn…> wrote in message

> |Client| ------ |Router| ---Internet--- |Router| ------ |Server|

The only way to make a file transfer work when a router is involved is when
the router is configured for port forwarding and the router's public IP/port
are used for the transfer.  In the case of multiple routers, there are two
possible scenerios:

1) the client sends the PORT command, specifying the client router's public
IP and port, and the client's router has been set up for port forwarding

2) the client sends the PASV command, and the server returns the server
router's public IP and port, and the server's router has been set up for
port forwarding

> I want to use passive mode ftp!

See #2 above.

> So the client-router doesn't need to setup forwarding, right?

No.  But the server's router does.

> I set PASVBoundPortMin to 45000 and PASVBoundPortMax
> to 46000. Which other settings are interesting for me?

Unless the router is smart enough to recognize FTP commands and adjust them
accordingly, then you will have to use TIdFTPServer's OnPASVReply event to
specify the router's public IP.  By default, TIdFTPServer reports the local
IP that it is listening on.  That will not work when the server is behind a

> I played around with RequirePASVFromSameIP,
> RequirePORTfromSameIP and NoReservedPortRange of
> the SecurityOptions but nothing worked.

Those settings have nothing to do with the problem you are having.

> I read that I have to use OnPASVBeforeBind and OnPASVReply

You only need OnPASVReply in this situation.

> but how?

    procedure TForm1.IdFTPServerPASVReply(ASender: TIdFTPServerContext; var
VIP : String; var VPort : Word; const AIPVer : TIdIPVersion);
        If (Server is Behind a Router) then
            VIP := 'Public IP of Router';

> Although I'll use passive mode ftp are there some settings
> on the client-side to consider?

No.  It has no concept that the server is behind a router, nor does it need
to.  The router will handle the traffic transparently.  As far as the client
is concerned, the router is the server.

> Set VIP in PASVBeforeBind and PASVReply to ther IP
> of the server-sided router!

You should not be specifying the router's IP in the OnPASVBeforeBind event.
Doing so will cause PASV to always fail because TCP cannot bind a socket on
an external hardware device.  You must specify the server's LAN IP in the
OnPASVBeforeBind event (which TIdFTPServer already uses by default).



In response to

Passive mode FTP with router. Unable to transfer files posted by Gordon Kästner on Thu, 27 Oct 2005