[Zope-dev] passive FTP to Zope with a specified port-range

2002-08-02 Thread Mr Tobias Schiebeck

Hi,

I'm trying to modify the zope ftp-access to specify a port range
within which the server selects the ports for the passive ftp communication
with the ftp-clients. This is in order to have the Zope server behind
a firewall blocking more than the privileged ports only.

I managed to modify the passive_acceptor within the medusa ftp server
file. The problem I have is that certain FTP clients (e.g. gftp)
close their connection because of messages coming from the server.

The code I have modified is in 

   /usr/lib/zope/ZServer/medusa/ftp_server.py

class passive_acceptor (asyncore.dispatcher):
    ready = None

    def __init__ (self, control_channel):
        # connect_fun (conn, addr)
        asyncore.dispatcher.__init__ (self)
        self.control_channel = control_channel
        self.create_socket (socket.AF_INET, socket.SOCK_STREAM)
        to=open('/tmp/zope.log','a')
        for i in range(1,11000):
            # bind to an address on the interface that the
            # control connection is coming from.
            to.write("ftp connection - port %d\n"%i)
            bres = self.bind ((
                self.control_channel.getsockname()[0],
                i
                ))
            to.write("ftp connection - bind:"+`bres`+"\n")
            if bres == None :
                break
        self.addr = self.getsockname()
        self.listen (1)
        to.close()

Accessing the Zope-server through a firewall that has only the ports
1 to 11000 open using gftp allows the first connection but
disconnects with an error message when I change the directory.

The error message is:

451 Server Error: socket.error, (98,'Address already in use'): file:
/usr/lib/zope/ZServer/medusa/asyncore.py line: 250

Do you have any hints on this?

Thanks and Best Regards

Tobias

-- 
-
Tobias Schiebeck   [EMAIL PROTECTED]
International AVS Centre  Manchester Visualization Centre
http://www.iavsc.org  tel: (+44) 161-275-6870
-

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )
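
An added example (not from the thread, and not the Zope 2.6 patch or medusa code): in Python 3, binding a passive-mode listener to the first free port of a fixed range. bind() reports a busy port by raising EADDRINUSE rather than returning a status, so each attempt is wrapped in try/except; the range PASV_RANGE and the names bind_passive_socket and two_pasv_requests are assumptions made for illustration.

```python
import errno
import socket

# Assumed passive range (not from the thread). The firewall would allow
# inbound TCP to exactly these ports in addition to the FTP control port.
PASV_RANGE = (50000, 50009)


def bind_passive_socket(host, port_range=PASV_RANGE):
    """Return a listening socket on the first free port in port_range.

    A fresh socket is created per attempt, and a busy port is detected by
    catching the exception that bind()/listen() raises.
    """
    low, high = port_range
    for port in range(low, high + 1):
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((host, port))
            sock.listen(1)
        except OSError as exc:
            sock.close()
            if exc.errno in (errno.EADDRINUSE, errno.EACCES):
                continue  # port taken or not permitted: try the next one
            raise  # any other failure is a real error, do not mask it
        return sock
    # Every port in the range is busy: fail explicitly so the control
    # channel can answer the PASV request with an error reply.
    raise OSError(errno.EADDRINUSE,
                  "no free port in passive range %d-%d" % (low, high))


def two_pasv_requests(host="127.0.0.1"):
    """Simulate two PASV requests while the first listener is still open."""
    first = bind_passive_socket(host)
    second = bind_passive_socket(host)
    ports = (first.getsockname()[1], second.getsockname()[1])
    first.close()
    second.close()
    return ports
```
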



Re: [Zope-dev] passive FTP to Zope with a specified port-range

2002-08-02 Thread Chris Withers

Mr Tobias Schiebeck wrote:

> 451 Server Error: socket.error, (98,'Address already in use'): file:
> /usr/lib/zope/ZServer/medusa/asyncore.py line: 250
>
> Do you have any hints on this?

Sadly not, but if you get this working, please lemme know, this would be very
cool :-)

cheers,

Chris





Re: [Zope-dev] passive FTP to Zope with a specified port-range

2002-08-02 Thread Romain Slootmaekers

Mr Tobias Schiebeck wrote:
> Hi,
>
> I'm trying to modify the zope ftp-access to specify a port range
> within which the server selects the ports for the passive ftp communication
> with the ftp-clients. This is in order to have the Zope server behind
> a firewall blocking more than the privileged ports only.
>
> I managed to modify the passive_acceptor within the medusa ftp server
> file. The problem I have is that certain FTP clients (e.g. gftp)
> close their connection because of messages coming from the server.
>
> The code I have modified is in
>
>    /usr/lib/zope/ZServer/medusa/ftp_server.py
>
> class passive_acceptor (asyncore.dispatcher):
>     ready = None
>
>     def __init__ (self, control_channel):
>         # connect_fun (conn, addr)
>         asyncore.dispatcher.__init__ (self)
>         self.control_channel = control_channel
>         self.create_socket (socket.AF_INET, socket.SOCK_STREAM)
>         to=open('/tmp/zope.log','a')
>         for i in range(1,11000):
>             # bind to an address on the interface that the
>             # control connection is coming from.
>             to.write("ftp connection - port %d\n"%i)
>             bres = self.bind ((
>                 self.control_channel.getsockname()[0],
>                 i
>                 ))
>             to.write("ftp connection - bind:"+`bres`+"\n")
>             if bres == None :
>                 break
>         self.addr = self.getsockname()
>         self.listen (1)
>         to.close()
>
> Accessing the Zope-server through a firewall that has only the ports
> 1 to 11000 open using gftp allows the first connection but
> disconnects with an error message when I change the directory.
>
> The error message is:
>
> 451 Server Error: socket.error, (98,'Address already in use'): file:
> /usr/lib/zope/ZServer/medusa/asyncore.py line: 250
>
> Do you have any hints on this?
>
> Thanks and Best Regards
>
> Tobias

passive ftp through a firewall ?
you still need to have a whole range of ports opened so what's the 
point. FTP sucks and should be illegal.

you could solve the same problem using sftp (which is more secure but
moreover, just uses 1 connection) and a FSDirectoryview.

have fun,

Sloot.








Re: [Zope-dev] passive FTP to Zope with a specified port-range

2002-08-02 Thread Brad Clements

On 2 Aug 2002 at 11:53, Mr Tobias Schiebeck wrote:

> I'm trying to modify the zope ftp-access to specify a port range
> within which the server selects the ports for the passive ftp communication
> with the ftp-clients. This is in order to have the Zope server behind
> a firewall blocking more than the privileged ports only.

This feature has already been added to Zope 2.6 as a patch.

I originally added it to Zope 2.5, so I think you can just copy the 2.6 ftp_server
from CVS and drop it into your current Zope to get it to work.



Brad Clements,[EMAIL PROTECTED]   (315)268-1000
http://www.murkworks.com  (315)268-9812 Fax
AOL-IM: BKClements

