[Cyberduck-trac] [Cyberduck] #998: Connecting to FTP server behind firewall with port forwarding failing
Cyberduck
trac at trac.cyberduck.ch
Thu Jan 18 16:01:03 CET 2007
#998: Connecting to FTP server behind firewall with port forwarding failing
-------------------------+--------------------------------------------------
Reporter: epugh | Owner: dkocher
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: ftp | Version: 2.7.2
Severity: normal | Resolution:
Keywords: |
-------------------------+--------------------------------------------------
Changes (by dkocher):
* type: defect => enhancement
* component: core => ftp
Old description:
> I have a FTP server behind a firewall... The firewall is 192.261.1.1,
> and the server is 192.168.1.3. When I connect using cyberduck I get back
> the PORT to use as 192.168.1.3:XXXX, not my public IP address!
>
> Here is the text of my IM conversation with my friend who diagnosed it:
>
> cguillot at mac.com
> ok, so an ftp server sends its ip address in the response to a passive
> mode PORT request, along with the port number to connect to...
> 11:21
> » ie. I send PORT, it sends back (my ip):5005 or somesuch.
> 11:22
> Eric Pugh
> ok
> 11:22
> cguillot at mac.com
> Because you're forwarding ports, the server is (correctly) sending back
> 192.168.100.103:5005
> 11:22
> Eric Pugh
> right
> 11:22
> cguillot at mac.com
> And cyberduck, not being very smart, is taking it at its word, and not
> noticing that that is not the ip address it connected to initially.
> 11:22
> » ...and 192.168.100.103 is not routable from where you are....
> 11:23
> Eric Pugh
> ah...
> 11:23
> cguillot at mac.com
> Most ftp clients (incl the cmd line one) will try the ip address they
> know to be correct in the case of a private ip being returned in response
> to PORT.
> 11:24
> Eric Pugh
> submitting bug to cyberduck
> 11:24
> » fugu seems to do the same thing
New description:
I have a FTP server behind a firewall... The firewall is 192.261.1.1,
and the server is 192.168.1.3. When I connect using cyberduck I get back
the PORT to use as 192.168.1.3:XXXX, not my public IP address!
Here is the text of my IM conversation with my friend who diagnosed it:
{{{
cguillot at mac.com
ok, so an ftp server sends its ip address in the response to a passive
mode PORT request, along with the port number to connect to...
11:21
» ie. I send PORT, it sends back (my ip):5005 or somesuch.
11:22
Eric Pugh
ok
11:22
cguillot at mac.com
Because you're forwarding ports, the server is (correctly) sending back
192.168.100.103:5005
11:22
Eric Pugh
right
11:22
cguillot at mac.com
And cyberduck, not being very smart, is taking it at its word, and not
noticing that that is not the ip address it connected to initially.
11:22
» ...and 192.168.100.103 is not routable from where you are....
11:23
Eric Pugh
ah...
11:23
cguillot at mac.com
Most ftp clients (incl the cmd line one) will try the ip address they know
to be correct in the case of a private ip being returned in response to
PORT.
11:24
Eric Pugh
submitting bug to cyberduck
11:24
» fugu seems to do the same thing
}}}
--
Ticket URL: <http://trac.cyberduck.ch/ticket/998#comment:1>
Cyberduck <http://cyberduck.ch>
FTP and SFTP Browser for Mac OS X.
More information about the Cyberduck-trac
mailing list