I need to check for the same subnet instead of private IPs, sometimes I'm too slow :)
Arno Garrels wrote:
> Arno Garrels wrote:
>> Or modify the FTP server component in a way that
>> PasvIpAddr can be set privately for a particular client
>> depending on its source IP (just an idea?).
>
> I need such an option as well. So I just changed the code
> as mentioned above. New option ftpsNoPasvIpAddrInLan and
> a function that checks whether the peer address is in a
> private network or not.
> But I wonder if it was not better to trigger just an event
> before PasvIpAddr will be used that would allow the component
> user to do his individual checks, what do you think is better?
>
> Currently I get the raw peer address in
>
> procedure TFtpCtrlSocket.Dup(newHSocket : TSocket);
> var
>     Len : Integer;
> begin
>     inherited Dup(newHSocket);
> {$IFDEF CLR}
>     if DesignMode then begin
>         FPeerAddr := '';
>         Exit;
>     end;
> {$ENDIF}
>     //FPeerAddr := inherited GetPeerAddr;
>     Len := SizeOf(TSockAddr);
>     { Read the peer address from the control socket itself }
>     if WSocket_GetPeerName(newHSocket, FPeerSAddr, Len) = 0 then
>         FPeerAddr := WSocket_inet_ntoa(FPeerSAddr.sin_addr)
>     else begin
>         SocketError('GetPeerName');
>         Exit;
>     end;
> end;
>
> PeerSAddr is a new property, we need to get it just once.
>
>
> function IsIpPrivate(saddr : TSockAddrIn): Boolean;
> begin
>     Result := (Byte(saddr.sin_addr.S_un_b.s_b1) = 10) or    // private class A
>               { 172.16.0.0/12: second octet 16..31, not only 172.16.x.x }
>               ((Byte(saddr.sin_addr.S_un_b.s_b1) = 172) and
>                (Byte(saddr.sin_addr.S_un_b.s_b2) in [16..31])) or // private class B
>               (saddr.sin_addr.S_un_w.s_w1 = 43200);         // private class C (192.168.x.x)
> end;
>
>
> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *}
> procedure TFtpServer.CommandPASV(
> ...
>     else begin
>         if (FPasvIpAddr = '') or
>            ((ftpsNoPasvIpAddrInLan in FOptions) and
>             IsIpPrivate(Client.PeerSAddr)) then
>             Answer := Format(msgPasvRemote,
>                              [ord(IPAddr.S_un_b.s_b1),
>                               ord(IPAddr.S_un_b.s_b2),
>                               ord(IPAddr.S_un_b.s_b3),
>                               ord(IPAddr.S_un_b.s_b4),
>                               HiByte(DataPort),
>                               LoByte(DataPort)])
>         else begin
> ...
>
>>
>> ---
>> Arno Garrels [TeamICS]
>> http://www.overbyte.be/eng/overbyte/teamics.html
>>
>>
>> Arnold FLUTEAUX wrote:
>>> Ok, I understand that port 21 is an exception and the router
>>> replaces automatically the private IP by the public IP. It's not
>>> the case for other ports. OK.
>>>
>>> And for these other cases, we must use PASVIPAdress, in which we
>>> set the public IP.
>>>
>>> So now, suppose that I have a server behind a router whose public IP is
>>> 194.206.244.150 for example and whose private IP would be 192.2.1.3. I
>>> set PASVIPAdress with 194.206.244.150 on port 1985 and I connect to it
>>> from outside the LAN. So it's OK.
>>>
>>> And now, if I want to connect to it from inside the LAN. So I connect to it
>>> with 192.2.1.3, always in passive mode on port 1985. But in this
>>> case, it's not good because the server responds to the PASV command
>>> with the public IP 194.206.244.150 and the client can't connect from
>>> inside to 194.206.244.150.
>>>
>>> What can I do for this case?
>>>
>>> Sorry it's difficult to explain that in English; I'm French!
>>>
>>>
>>>
>>> Arnold
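
The same-subnet check mentioned at the top of this message, sketched as an added example (it is not ICS code and not from the thread): the PASV reply advertises the interface address to peers on the server's own subnet and the public address to everyone else. TIp4, InSameSubnet, PasvReply, the /24 mask, the peer addresses and the data port are assumptions made for illustration; the server addresses are the ones from Arnold's message.

```pascal
program PasvAddrSelect;
{$IFDEF FPC}{$MODE DELPHI}{$ENDIF}
uses
  SysUtils;

type
  TIp4 = array[0..3] of Byte;   // IPv4 address in network byte order

// Hypothetical helper: True when Peer and Local fall in the network
// defined by Mask. Peer must come from getpeername() on the control
// socket, never from anything the client sends.
function InSameSubnet(const Peer, Local, Mask: TIp4): Boolean;
var
  I: Integer;
begin
  Result := True;
  for I := 0 to 3 do
    if (Peer[I] and Mask[I]) <> (Local[I] and Mask[I]) then
    begin
      Result := False;
      Exit;
    end;
end;

// Hypothetical helper: builds the 227 reply. LAN peers get the
// interface address, all other peers get the public (NAT) address.
function PasvReply(const Peer, Local, Mask, PublicIp: TIp4; Port: Word): string;
var
  A: TIp4;
begin
  if InSameSubnet(Peer, Local, Mask) then
    A := Local
  else
    A := PublicIp;
  Result := Format('227 Entering Passive Mode (%d,%d,%d,%d,%d,%d).',
                   [A[0], A[1], A[2], A[3], Hi(Port), Lo(Port)]);
end;

const
  // Constructed sample values
  LocalIp:  TIp4 = (192, 2, 1, 3);          // server interface address
  Mask:     TIp4 = (255, 255, 255, 0);      // assumed /24 LAN mask
  PublicIp: TIp4 = (194, 206, 244, 150);    // address configured for NAT
  LanPeer:  TIp4 = (192, 2, 1, 40);         // client inside the LAN
  WanPeer:  TIp4 = (203, 0, 113, 9);        // client outside the LAN
begin
  WriteLn(PasvReply(LanPeer, LocalIp, Mask, PublicIp, 50000));
  WriteLn(PasvReply(WanPeer, LocalIp, Mask, PublicIp, 50000));
end.
```

The mask has to be the one configured on the interface that accepted the control connection; a fixed private-range test would also match clients that reach the server from a different private network through the router.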