I need to check for the same subnet instead of
private IPs, sometimes I'm too slow :)
Arno Garrels wrote:
> Arno Garrels wrote:
>> Or modify the FTP server component in a way that
>> PasvIpAddr can be set privately for a particular client
>> depending on its source IP (just an idea?).
>
> I need such an option as well. So I just changed the code
> as mentioned above. New option ftpsNoPasvIpAddrInLan and
> a function that checks whether the peer address is in a
> private network or not.
> But I wonder if it would not be better to just trigger an event
> before PasvIpAddr is used that would allow the component
> user to do his individual checks. What do you think is better?
>
> Currently I get the raw peer address in
>
> procedure TFtpCtrlSocket.Dup(newHSocket : TSocket);
> var
>     Len : Integer;
> begin
>     inherited Dup(newHSocket);
> {$IFDEF CLR}
>     if DesignMode then begin
>         FPeerAddr := '';
>         Exit;
>     end;
> {$ENDIF}
>     //FPeerAddr := inherited GetPeerAddr;
>     Len := SizeOf(TSockAddr);
>     if WSocket_GetPeerName(newHSocket, FPeerSAddr, Len) = 0 then
>         FPeerAddr := WSocket_inet_ntoa(FPeerSAddr.sin_addr)
>     else begin
>         SocketError('GetPeerName');
>         Exit;
>     end;
> end;
>
> PeerSAddr is a new property, we need to get it just once.
>
>
> function IsIpPrivate(saddr : TSockAddrIn): Boolean;
> begin
>     Result := (Byte(saddr.sin_addr.S_un_b.s_b1) = 10) or      // private class A, 10.0.0.0/8
>               ((Byte(saddr.sin_addr.S_un_b.s_b1) = 172) and   // private class B, 172.16.0.0/12:
>                ((Byte(saddr.sin_addr.S_un_b.s_b2) and $F0) = 16)) or // second octet 16..31
>               (saddr.sin_addr.S_un_w.s_w1 = 43200);           // private class C, 192.168.0.0/16
> end;
>
>
> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *}
> procedure TFtpServer.CommandPASV(
> ...
>     else begin
>         if (FPasvIpAddr = '') or
>            ((ftpsNoPasvIpAddrInLan in FOptions) and
>             IsIpPrivate(Client.PeerSAddr)) then
>             Answer := Format(msgPasvRemote,
>                           [ord(IPAddr.S_un_b.s_b1),
>                            ord(IPAddr.S_un_b.s_b2),
>                            ord(IPAddr.S_un_b.s_b3),
>                            ord(IPAddr.S_un_b.s_b4),
>                            HiByte(DataPort),
>                            LoByte(DataPort)])
>         else begin
> ...
>
>>
>> ---
>> Arno Garrels [TeamICS]
>> http://www.overbyte.be/eng/overbyte/teamics.html
>>
>>
>> Arnold FLUTEAUX wrote:
>>> Ok, I understand that port 21 is an exception and the router
>>> automatically replaces the private IP with the public IP. It's not
>>> the case for other ports. OK.
>>>
>>> And for these other cases, we must use PASVIPAdress, in which we
>>> set the public IP.
>>>
>>> So now, suppose that I have a server behind a router whose public IP
>>> is 194.206.244.150, for example, and whose private IP would be
>>> 192.2.1.3. I set PASVIPAdress to 194.206.244.150 on port 1985 and I
>>> connect to it from outside the LAN. So it's OK.
>>>
>>> And now, if I want to connect to it from inside the LAN, I connect
>>> with 192.2.1.3, always in passive mode on port 1985. But in this
>>> case, it's not good because the server responds to the PASV command
>>> with the public IP 194.206.244.150 and the client can't connect from
>>> inside to 194.206.244.150.
>>>
>>> What can I do for this case?
>>>
>>> Sorry, it's difficult to explain that in English; I'm French!
>>>
>>>
>>>
>>> Arnold
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
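
Added example, not part of the original message or of the ICS sources: a stand-alone Delphi sketch of the same-subnet check mentioned at the top of this message, used to pick the address a PASV reply advertises. The function names, the local-address and mask parameters, the 255.255.255.0 mask and the outside peer 203.0.113.20 are assumptions; the other addresses come from Arnold's example, whose LAN 192.2.1.x falls outside the ranges IsIpPrivate tests.

```pascal
program PasvAddrDemo;
{$APPTYPE CONSOLE}

// Parse dotted-quad IPv4 text into a host-order 32-bit value.
function IPv4ToCardinal(const S: string; out Value: Cardinal): Boolean;
var
  I, Octet, Digits, Count: Integer;
begin
  Result := False;
  Value := 0; Octet := 0; Digits := 0; Count := 0;
  for I := 1 to Length(S) + 1 do
    if (I <= Length(S)) and (S[I] in ['0'..'9']) then begin
      Octet := Octet * 10 + Ord(S[I]) - Ord('0');
      Inc(Digits);
      if (Digits > 3) or (Octet > 255) then Exit;   // malformed octet
    end
    else if ((I > Length(S)) or (S[I] = '.')) and (Digits > 0) then begin
      Value := (Value shl 8) or Cardinal(Octet);    // octet complete
      Inc(Count); Octet := 0; Digits := 0;
    end
    else Exit;                                      // stray character or empty octet
  Result := Count = 4;
end;

// True when Peer and Local share a network under Mask, i.e. the
// client reached the server without crossing the NAT router.
function SameSubnet(const Peer, Local, Mask: string): Boolean;
var
  P, L, M: Cardinal;
begin
  Result := IPv4ToCardinal(Peer, P) and IPv4ToCardinal(Local, L) and
            IPv4ToCardinal(Mask, M) and ((P and M) = (L and M));
end;

// Address for the PASV reply: the configured public address is used
// only for peers outside the server's own subnet.
function PasvAddrFor(const Peer, Local, Mask, PasvIpAddr: string): string;
begin
  if (PasvIpAddr = '') or SameSubnet(Peer, Local, Mask) then
    Result := Local
  else
    Result := PasvIpAddr;
end;

begin
  // Constructed sample peers: one inside the LAN, one outside it.
  Writeln(PasvAddrFor('192.2.1.77', '192.2.1.3', '255.255.255.0', '194.206.244.150'));
  Writeln(PasvAddrFor('203.0.113.20', '192.2.1.3', '255.255.255.0', '194.206.244.150'));
end.
```

A peer address that fails to parse is treated as outside the subnet, so the configured public address is advertised in that case.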