[
https://issues.apache.org/jira/browse/NET-363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13004710#comment-13004710
]
Sebb commented on NET-363:
--------------------------
Thanks, that's very helpful to know.
The fix is as follows:
If the PASV reply host is a local address, and the remote host is not local,
then use the remote host address instead of the PASV reply. If both are local
addresses, no changes are made.
I think this can only be a problem if there is some kind of NAT between the two
local hosts, in which case I suspect the original connection would have to be
made using a non-local address, and then the patch would apply.
If anyone finds otherwise, please re-open with details!
> Can't connect to a server behind firewall in passive mode
> ---------------------------------------------------------
>
> Key: NET-363
> URL: https://issues.apache.org/jira/browse/NET-363
> Project: Commons Net
> Issue Type: Bug
> Components: FTP
> Affects Versions: 2.2
> Environment: Windows Client with Zos mainframe server behind a
> firewall. However I think any client/server will demonstrate the issue as
> long as the server is behind a firewall.
> Reporter: daniel damon
> Priority: Blocker
> Fix For: 3.0
>
>
> When the FTP server is behind a firewall, FTPClient can connect, but it
> cannot transfer data. This is because the FTP server provides it's own
> address instead of the firewall address to make the connection. I have
> confirmed the problem by hacking a copy of FTPClient to set the __passiveHost
> to the appropriate internet address. With this hack, I can transfer data.
> Perhaps the FTP server could be configured differently to fix the issue.
> Unfortunately, I do not have access to the server configuration. I do know
> that the commercial product IpswitchFtp does deal with the issue as this
> extract from it's log shows:
> ------------
> PASV
> 227 Entering Passive Mode (192,168,13,11,195,129)
> connecting data channel to 192.168.13.11:195,129(50049)
> Substituting connection address 159.106.121.79 for private address
> 192.168.13.11 from PASV
> data channel connected to 159.106.121.79:195,129(50049)
> LIST
> 125 List started OK
> transferred 4157 bytes in 0.078 seconds, 425.688 kbps ( 53.211 kBps),
> transfer succeeded.
> 250 List completed successfully.
> QUIT
> ----------------------------
> I can take a shot at a fix if you want. I'll set some timeout, and if that
> fails, I'll use the original address
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
