The following reply was made to PR mod_proxy/2770; it has been noted by GNATS.
From: Andreas Pflug <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: mod_proxy/2770: FTP proxy over firewall fails
Date: Mon, 22 Feb 1999 10:38:29 +0100

The problem has in fact two parts:
- PASV connection is tried first, but the proxy won't allow unknown ports on
both sides. As a workaround, I commented out the PASV code in proxy_ftp.c
(#define TRY_PASV_FIRST 0)
- no PORT command is issued. I added the following code to 1.3.3:
*** proxy_ftp.c.org Tue Nov 24 18:10:24 1998
--- proxy_ftp.c Tue Nov 24 19:38:13 1998
***************
*** 792,797 ****
--- 792,799 ----
parms[0] = '\0';
}
+
+ #if TRY_PASV_FIRST
/* try to set up PASV data connection first */
dsock = ap_psocket(p, PF_INET, SOCK_STREAM, IPPROTO_TCP);
if (dsock == -1) {
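Review bot: `#if TRY_PASV_FIRST` above the PASV block depends on a macro that none of the hunks shown defines. An undefined identifier in `#if` evaluates to 0, so the PASV attempt would be compiled out of every build rather than only for the firewall case. Suggest a defaulted definition near the top of proxy_ftp.c (`#ifndef TRY_PASV_FIRST`, `#define TRY_PASV_FIRST 1`, `#endif`) with a comment saying when to set it to 0.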
***************
*** 873,878 ****
--- 875,882 ----
else
ap_pclosesocket(p, dsock); /* and try the regular way */
}
+ #endif
+
if (!pasvmode) { /* set up data connection */
clen = sizeof(struct sockaddr_in);
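Review bot: the `#endif` sits about 80 lines below its `#if`, so it should be labelled `#endif /* TRY_PASV_FIRST */`. With the PASV block compiled out, the `if (!pasvmode)` test right after it also depends on `pasvmode` having been initialised to 0 before the `#if`, which this hunk does not show and is worth confirming.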
***************
*** 915,920 ****
--- 919,952 ----
ap_bclose(f);
ap_pclosesocket(p, dsock);
return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+
+ {
+ unsigned char *ptr=(unsigned char*)&server.sin_addr;
+ sprintf(pasv, "%d,%d,%d,%d,%d,%d",
+ ptr[0], ptr[1], ptr[2], ptr[3],
+ (server.sin_port) & 255,
+ (server.sin_port>>8) & 255);
+ }
+
+ ap_bputs("PORT ", f);
+ ap_bputs(pasv, f);
+ ap_bputs(CRLF, f);
+ ap_bflush(f);
+
+ Explain1("FTP: Port %s", pasv);
+ i = ftp_getrc_msg(f, resp, sizeof(resp));
+ if (i != 200)
+ {
+ char buff[32];
+ ap_snprintf(buff, sizeof(buff), "%d - %s:%d", i,
+ inet_ntoa(server.sin_addr), server.sin_port);
+ ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
+ "proxy: error in PORT Command: %s", pasv);
+ ap_bclose(f);
+ ap_pclosesocket(p, dsock);
+ return SERVER_ERROR;
}
listen(dsock, 2); /* only need a short queue */
}
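Review bot: the PORT argument is built from `server.sin_port` without `ntohs()`, so `(server.sin_port) & 255` followed by `(server.sin_port>>8) & 255` gives the high-byte-then-low-byte order PORT requires only on little-endian hosts; on a big-endian host the two port bytes come out swapped. Convert to host order first, then emit `(port >> 8) & 255` and `port & 255`. In the same block, `sprintf(pasv, ...)` is unbounded; if `pasv` is an array, `ap_snprintf(pasv, sizeof(pasv), ...)` would match the `ap_snprintf` call a few lines below. `buff` is formatted (again with the unconverted port) but never passed to `ap_log_error`, so the reply code `i` never reaches the log; either log `buff` or drop it. The error path returns `SERVER_ERROR` while the context line just above the addition returns `HTTP_INTERNAL_SERVER_ERROR`; use the same name for consistency.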