Arno Garrels wrote:
> Or modify the FTP server component in a way that
> PasvIpAddr can be set privately for a particular client
> depending on its source IP (just an idea?).

I need such an option as well. So I just changed the code
as mentioned above. New option ftpsNoPasvIpAddrInLan and
a function that checks whether the peer address is in a 
private network or not.
But I wonder if it would not be better to just trigger an event
before PasvIpAddr is used, which would allow the component
user to do his individual checks. What do you think is better?

Currently I get the raw peer address in 

procedure TFtpCtrlSocket.Dup(newHSocket : TSocket);
var
    Len : Integer;
begin
    inherited Dup(newHSocket);
{$IFDEF CLR}
    if DesignMode then begin
        FPeerAddr := '';
        Exit;
    end;
{$ENDIF}
    //FPeerAddr := inherited GetPeerAddr;
    Len := SizeOf(TSockAddr);
    if WSocket_GetPeerName(newHSocket, FPeerSAddr, Len) = 0 then
        FPeerAddr := WSocket_inet_ntoa(FPeerSAddr.sin_addr)
    else begin
        SocketError('GetPeerName');
        Exit;
    end;
end;

PeerSAddr is a new property, we need to get it just once.
  
 
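function IsIpPrivate(saddr : TSockAddrIn): Boolean;
begin
    // sin_addr is in network byte order: s_b1 is the first octet and
    // s_w1 holds the first two octets (43200 = $A8C0 = 192.168 in memory).
    Result := (Byte(saddr.sin_addr.S_un_b.s_b1) = 10) or             // 10.0.0.0/8
              ((Byte(saddr.sin_addr.S_un_b.s_b1) = 172) and
               ((Byte(saddr.sin_addr.S_un_b.s_b2) and $F0) = 16)) or // 172.16.0.0/12
              (saddr.sin_addr.S_un_w.s_w1 = 43200);                  // 192.168.0.0/16
end;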


{* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *} 
procedure TFtpServer.CommandPASV(
...
        else begin
            if (FPasvIpAddr = '') or
               ((ftpsNoPasvIpAddrInLan in FOptions) and
               IsIpPrivate(Client.PeerSAddr)) then
                Answer := Format(msgPasvRemote,
                          [ord(IPAddr.S_un_b.s_b1),
                           ord(IPAddr.S_un_b.s_b2),
                           ord(IPAddr.S_un_b.s_b3),
                           ord(IPAddr.S_un_b.s_b4),
                           HiByte(DataPort),
                           LoByte(DataPort)])
            else begin
...

> 
> ---
> Arno Garrels [TeamICS]
> http://www.overbyte.be/eng/overbyte/teamics.html
> 
> 
> Arnold FLUTEAUX wrote:
>> Ok, I understand that port 21 is an exception and the router replaces
>> automatically the private IP by the public IP.  It's not the case for
>> others ports. OK.
>> 
>> And for these others cases, we must use PASVIPAdress in which, we set
>> public IP.
>> 
>> So now, suppose that I've a server behind a router with IP public is
>> 194.206.244.150 for example and IP private would be 192.2.1.3.   I
>> set PASVIPAdress with 194.206.244.150 on port 1985 and I connect it
>> on from outside lan. So it's OK.
>> 
>> And now, if I want to connect it from inside LAN. So I connect it
>> with 192.2.1.3, always in passive mode on 1985 port. But in this
>> case, it's not good because the server response to PASV command the
>> IP public 194.206.244.150 and the client can't connect from inside to
>> 194.206.244.150.
>> 
>> What can I do for this case ?
>> 
>> Sorry it's difficult to explain that in English; I'm French !
>> 
>> 
>> 
>> Arnold
>> 
>> 

-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
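
The PASV address choice discussed in this thread, as an added example that is neither ICS code nor part of the original post: the peer is tested against the full RFC 1918 ranges octet by octet, and the 227 reply is built from whichever address is selected. TOctets, Ip, IsRfc1918, PasvReply and the 192.168.1.x addresses are assumptions for illustration; 194.206.244.150 and port 1985 are taken from the thread. Note that 192.2.x.x, the LAN numbering in the quoted question, lies outside RFC 1918, so such a peer is treated as external.

```delphi
program PasvAddrChoice;
{$APPTYPE CONSOLE}
// Added example, not ICS code. Addresses are four octets in network order,
// so the comparisons do not depend on host endianness.
uses SysUtils;

type
  TOctets = array[0..3] of Byte;

function Ip(A, B, C, D: Byte): TOctets;  // hypothetical helper
begin
  Result[0] := A; Result[1] := B; Result[2] := C; Result[3] := D;
end;

// RFC 1918: 10.0.0.0/8, 172.16.0.0/12 (172.16 to 172.31), 192.168.0.0/16.
function IsRfc1918(const A: TOctets): Boolean;
begin
  Result := (A[0] = 10) or
            ((A[0] = 172) and ((A[1] and $F0) = 16)) or
            ((A[0] = 192) and (A[1] = 168));
end;

// Advertise the socket's local address when no PasvIpAddr is configured or
// when the option is on and the peer is private; otherwise use PasvIpAddr.
function PasvReply(const Peer, LocalAddr, PasvAddr: TOctets;
  HavePasvAddr, NoPasvAddrInLan: Boolean; Port: Word): string;
var
  Adv: TOctets;
begin
  if (not HavePasvAddr) or (NoPasvAddrInLan and IsRfc1918(Peer)) then
    Adv := LocalAddr
  else
    Adv := PasvAddr;
  Result := Format('227 Entering Passive Mode (%d,%d,%d,%d,%d,%d).',
    [Adv[0], Adv[1], Adv[2], Adv[3], Hi(Port), Lo(Port)]);
end;

const
  DataPort = 1985;                       // data port from the thread
var
  SrvLocal, SrvPublic: TOctets;
begin
  SrvLocal  := Ip(192, 168, 1, 3);       // constructed LAN address
  SrvPublic := Ip(194, 206, 244, 150);   // public address from the thread
  // Private peers, including the top of 172.16.0.0/12: local address
  Writeln(PasvReply(Ip(192, 168, 1, 20), SrvLocal, SrvPublic, True, True, DataPort));
  Writeln(PasvReply(Ip(172, 31, 0, 9), SrvLocal, SrvPublic, True, True, DataPort));
  // 172.32.x.x and 192.2.x.x are not RFC 1918: configured PasvIpAddr
  Writeln(PasvReply(Ip(172, 32, 0, 9), SrvLocal, SrvPublic, True, True, DataPort));
  Writeln(PasvReply(Ip(192, 2, 1, 50), SrvLocal, SrvPublic, True, True, DataPort));
end.
```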
