Arno Garrels wrote:
> Or modify the FTP server component in a way that
> PasvIpAddr can be set privately for a particular client
> depending on its source IP (just an idea?).

I need such an option as well. So I just changed the code as mentioned
above: a new option ftpsNoPasvIpAddrInLan and a function that checks whether
the peer address is in a private network or not. But I wonder whether it would
be better to just trigger an event before PasvIpAddr is used, which would
allow the component user to do his own checks. What do you think is better?

Currently I get the raw peer address in

    procedure TFtpCtrlSocket.Dup(newHSocket : TSocket);
    var
        Len : Integer;
    begin
        inherited Dup(newHSocket);
    {$IFDEF CLR}
        if DesignMode then begin
            FPeerAddr := '';
            Exit;
        end;
    {$ENDIF}
        //FPeerAddr := inherited GetPeerAddr;
        Len := SizeOf(TSockAddr);
        { Keep the raw sockaddr of the peer so it can be tested later }
        if WSocket_GetPeerName(newHSocket, FPeerSAddr, Len) = 0 then
            FPeerAddr := WSocket_inet_ntoa(FPeerSAddr.sin_addr)
        else begin
            SocketError('GetPeerName');
            Exit;
        end;
    end;

PeerSAddr is a new property; we need to get it just once.

    function IsIpPrivate(saddr : TSockAddrIn): Boolean;
    begin
        Result := (Byte(saddr.sin_addr.S_un_b.s_b1) = 10) or     // private class A, 10.0.0.0/8
                  ((Byte(saddr.sin_addr.S_un_b.s_b1) = 172) and  // private class B, 172.16.0.0/12
                   (Byte(saddr.sin_addr.S_un_b.s_b2) in [16..31])) or
                  (saddr.sin_addr.S_un_w.s_w1 = 43200);          // private class C, 192.168.0.0/16
    end;

    {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *}
    procedure TFtpServer.CommandPASV(
    ...
        else begin
            { Answer with the local address when no PasvIpAddr is set, or }
            { when the option is on and the peer is in a private network  }
            if (FPasvIpAddr = '') or
               ((ftpsNoPasvIpAddrInLan in FOptions) and
                IsIpPrivate(Client.PeerSAddr)) then
                Answer := Format(msgPasvRemote,
                          [ord(IPAddr.S_un_b.s_b1),
                           ord(IPAddr.S_un_b.s_b2),
                           ord(IPAddr.S_un_b.s_b3),
                           ord(IPAddr.S_un_b.s_b4),
                           HiByte(DataPort),
                           LoByte(DataPort)])
            else begin
    ...

>
> ---
> Arno Garrels [TeamICS]
> http://www.overbyte.be/eng/overbyte/teamics.html
>
>
> Arnold FLUTEAUX wrote:
>> Ok, I understand that port 21 is an exception and the router
>> automatically replaces the private IP with the public IP. It's not the
>> case for other ports. OK.
>>
>> And for these other cases, we must use PASVIPAdress, in which we set the
>> public IP.
>>
>> So now, suppose that I have a server behind a router whose public IP is
>> 194.206.244.150, for example, and whose private IP would be 192.2.1.3. I
>> set PASVIPAdress to 194.206.244.150 on port 1985 and I connect to it from
>> outside the LAN. So it's OK.
>>
>> And now, if I want to connect to it from inside the LAN. So I connect to it
>> with 192.2.1.3, always in passive mode on port 1985. But in this case, it's
>> not good because the server responds to the PASV command with the public IP
>> 194.206.244.150 and the client can't connect from inside to
>> 194.206.244.150.
>>
>> What can I do in this case?
>>
>> Sorry, it's difficult to explain that in English; I'm French!
>>
>> Arnold
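
Added example, not part of the original thread and not ICS code: a stand-alone Delphi console program that chooses the address for the 227 reply from an administrator-supplied list of LAN networks in CIDR form. It goes beyond the fixed private-range test discussed above, because the LAN in the quoted question (192.2.1.x) lies outside the RFC 1918 ranges. All identifiers (TNet, ParseIPv4, ParseCidr, PasvReplyFor), the LAN list, the peer addresses and the data port are constructed for illustration.

```delphi
program PasvAddrSelect;  // added example, not ICS code; all identifiers are hypothetical
{$APPTYPE CONSOLE}
uses SysUtils;
type TNet = record Addr, Mask: Cardinal; end;  // both in host byte order
// Dotted quad to a 32-bit value; octet syntax is whatever TryStrToInt accepts.
function ParseIPv4(S: string; out Value: Cardinal): Boolean;
var I, P, Octet: Integer;
begin
  Result := False; Value := 0;
  S := S + '.';
  for I := 1 to 4 do
  begin
    P := Pos('.', S);
    if not TryStrToInt(Copy(S, 1, P - 1), Octet) or (Octet < 0) or (Octet > 255) then Exit;
    Value := (Value shl 8) or Cardinal(Octet);
    Delete(S, 1, P);
  end;
  Result := S = '';  // anything left over means more than four octets
end;

function ParseCidr(const S: string; out Net: TNet): Boolean;
var P, Bits: Integer;
begin
  P := Pos('/', S);
  Result := (P > 0) and ParseIPv4(Copy(S, 1, P - 1), Net.Addr)
    and TryStrToInt(Copy(S, P + 1, MaxInt), Bits) and (Bits >= 0) and (Bits <= 32);
  if not Result then Exit;
  Net.Mask := not Cardinal((Int64(1) shl (32 - Bits)) - 1);  // /0 gives 0, /32 all ones
  Net.Addr := Net.Addr and Net.Mask;
end;
// Builds the 227 reply, advertising PublicAddr unless the peer is inside a listed LAN.
function PasvReplyFor(const PeerAddr, LocalAddr, PublicAddr: string;
  const LanNets: array of string; Port: Word): string;
var Peer: Cardinal; Net: TNet; I: Integer;
begin
  Result := PublicAddr;
  if PublicAddr = '' then Result := LocalAddr;   // no override configured
  if ParseIPv4(PeerAddr, Peer) then              // an unparsable peer counts as external
    for I := Low(LanNets) to High(LanNets) do
      if ParseCidr(LanNets[I], Net) and ((Peer and Net.Mask) = Net.Addr) then
        Result := LocalAddr;
  Result := Format('227 Entering Passive Mode (%s,%d,%d).',
    [StringReplace(Result, '.', ',', [rfReplaceAll]), Port shr 8, Port and $FF]);
end;

const Lan: array[0..1] of string = ('192.2.1.0/24', '10.0.0.0/8');  // constructed LAN list
begin
  // LAN peer, then outside peer (both constructed); server addresses as in the quoted question
  WriteLn(PasvReplyFor('192.2.1.77', '192.2.1.3', '194.206.244.150', Lan, 50000));
  WriteLn(PasvReplyFor('203.0.113.9', '192.2.1.3', '194.206.244.150', Lan, 50000));
end.
```

Because only peers that match a listed network receive the internal address, a client arriving from outside is never told the server's LAN address.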