Re: [jira] Updated: (FTPSERVER-83) Allow configuring IP address for PASV response

Sun, 29 Apr 2007 13:40:31 -0700 

Hey Clinton,
I will have a look at this as soon as I can find the time, it's a very useful addition! 

/niklas

Clinton Foster (JIRA) wrote:

     [ 
https://issues.apache.org/jira/browse/FTPSERVER-83?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Clinton Foster updated FTPSERVER-83:
------------------------------------

    Attachment: FTPSERVER-83_diffs.zip

These diffs are based on the pre-MINA code base from early January 07. I will 
provide updated diffs when I upgrade to the latest source code if these changes 
have not been incorporated into the code base by then.


Allow configuring IP address for PASV response
----------------------------------------------

                Key: FTPSERVER-83
                URL: https://issues.apache.org/jira/browse/FTPSERVER-83
            Project: FtpServer
         Issue Type: Improvement
         Components: Core
           Reporter: Clinton Foster
           Priority: Minor
        Attachments: FTPSERVER-83_diffs.zip


Currently there is no way to configure the IP address returned in response to 
the PASV command. The config.data-connection.passive.address parameter allows 
configuring the local network interface where data connections should be 
accepted. But if the server is behind a firewall, the address it returns to the 
client must be an external address, not a local address like 10.10.1.2.
The current code will only work with firewalls that are smart enough to sniff 
the control connection and automatically rewrite the correct external address 
in PASV responses. But it won't work if the control connection is running over 
SSL. To handle the SSL case (and the unsophisticated firewall case) a new 
configuration parameter is needed. I would suggest calling it 
config.data-connection.passive.external-address.
Ideally, the server should notice if the client's control connection came from 
a local address, and if so return the local address instead of the external 
address. This allows local clients to make passive data connections to the 
server even if the external address is not resolvable for them. JDK 1.4 
provides methods on InetAddress for making this determination, such as 
isLinkLocalAddress().
I am going to attach a patch for the pre-MINA code base from early January 
(2007). When I update to the latest code base I can attach an updated patch if 
this patch hasn't been incorporated by that time.


























					Reply via email to