[Cyberduck-trac] [Cyberduck] #998: Connecting to FTP server behind firewall with port forwarding failing

Thu Jan 18 16:01:03 CET 2007

#998: Connecting to FTP server behind firewall with port forwarding failing
-------------------------+--------------------------------------------------
 Reporter:  epugh        |        Owner:  dkocher
     Type:  enhancement  |       Status:  new    
 Priority:  normal       |    Milestone:         
Component:  ftp          |      Version:  2.7.2  
 Severity:  normal       |   Resolution:         
 Keywords:               |  
-------------------------+--------------------------------------------------
Changes (by dkocher):

  * type:  defect => enhancement
  * component:  core => ftp

Old description:

> I have a FTP server behind a firewall...   The firewall is 192.261.1.1,
> and the server is 192.168.1.3.  When I connect using cyberduck I get back
> the PORT to use as 192.168.1.3:XXXX, not my public IP address!
>
> Here is the text of my IM conversation with my friend who diagnosed it:
>
> cguillot at mac.com
> ok, so an ftp server sends its ip address in the response to a passive
> mode PORT request, along with the port number to connect to...
> 11:21
> » ie. I send PORT, it sends back (my ip):5005 or somesuch.
> 11:22
> Eric Pugh
> ok
> 11:22
> cguillot at mac.com
> Because you're forwarding ports, the server is (correctly) sending back
> 192.168.100.103:5005
> 11:22
> Eric Pugh
> right
> 11:22
> cguillot at mac.com
> And cyberduck, not being very smart, is taking it at its word, and not
> noticing that that is not the ip address it connected to initially.
> 11:22
> » ...and 192.168.100.103 is not routable from where you are....
> 11:23
> Eric Pugh
> ah...
> 11:23
> cguillot at mac.com
> Most ftp clients (incl the cmd line one) will try the ip address they
> know to be correct in the case of a private ip being returned in response
> to PORT.
> 11:24
> Eric Pugh
> submitting bug to cyberduck
> 11:24
> » fugu seems to do the same thing

New description:

 I have a FTP server behind a firewall...   The firewall is 192.261.1.1,
 and the server is 192.168.1.3.  When I connect using cyberduck I get back
 the PORT to use as 192.168.1.3:XXXX, not my public IP address!

 Here is the text of my IM conversation with my friend who diagnosed it:

 {{{
 cguillot at mac.com
 ok, so an ftp server sends its ip address in the response to a passive
 mode PORT request, along with the port number to connect to...
 11:21
 » ie. I send PORT, it sends back (my ip):5005 or somesuch.
 11:22
 Eric Pugh
 ok
 11:22
 cguillot at mac.com
 Because you're forwarding ports, the server is (correctly) sending back
 192.168.100.103:5005
 11:22
 Eric Pugh
 right
 11:22
 cguillot at mac.com
 And cyberduck, not being very smart, is taking it at its word, and not
 noticing that that is not the ip address it connected to initially.
 11:22
 » ...and 192.168.100.103 is not routable from where you are....
 11:23
 Eric Pugh
 ah...
 11:23
 cguillot at mac.com
 Most ftp clients (incl the cmd line one) will try the ip address they know
 to be correct in the case of a private ip being returned in response to
 PORT.
 11:24
 Eric Pugh
 submitting bug to cyberduck
 11:24
 » fugu seems to do the same thing
 }}}

-- 
Ticket URL: <http://trac.cyberduck.ch/ticket/998#comment:1>
Cyberduck <http://cyberduck.ch>
FTP and SFTP Browser for Mac OS X.