commons-user mailing list archives

From "Neil Aggarwal" <>
Subject RE: [net-ftp] FTPS timeout when trying to upload a file
Date Thu, 08 Feb 2007 15:12:32 GMT

I am running FTPSClient.  I do not have control on
the server.

I think you are correct in your assumption that the
server is running behind a NAT.  It is on 
and the public IP address that is mapped to it is

According to RFC 1918:

The Internet Assigned Numbers Authority (IANA) has reserved the
following three blocks of the IP address space for private internets:

     -  (10/8 prefix)
     -  (172.16/12 prefix)
     -  (192.168/16 prefix)

The IP address is not a routable address and therefore the
connection to it will fail.

How about we do this in the FTPS Client when we get back
an IP address from the server:

  if( we are on the same subnet as the server )
    Use the IP provided by the server
  else if( the IP address given by the server is a private IP )
    Overwrite the IP with the original IP address used to
    connect to the server.  We should know that from when
    we connected to the server.
  else
    Use the IP provided by the server

That should solve this problem.  

I am positive there will be others who will run into this problem
and blame FTPSClient as being broken.


Neil Aggarwal, (214)986-3533,
FREE! Eliminate junk email and reclaim your inbox.
Visit for details.

-----Original Message-----
From: Steffen Heil [] 
Sent: Thursday, February 08, 2007 2:42 AM
To: 'Jakarta Commons Users List'
Subject: RE: [net-ftp] FTPS timeout when trying to upload a file


Warning: Wild guessing ahead:

> When my FTP client ...

So you have the client on your side.

> But, is, not

Note, this IP is a private address, which is not even supposed to be routed.

> ... FTPSClient ... 

And that is using ftpS.

So I guess the Server itself actually HAS and is behind some
NAT router, which inspects protocols to replace the internal ip with the external one I also suppose, this works
fine for FTP and external systems never see the internal address.

However, FTPS is SSL-encrypted and as such the NAT-router cannot change or
even see, what's inside the packet. So you get the original reply.

There is nothing you can do about that, except if you can reconfigure the

SFTP doesn't play well behind nat routers, if not configured especially. For
example pure-ftps has an option to specify another ip address for answers as
that one and to ignore the servers ip address. The only other option would
be to enable the nat router to decrypt the ssl connection, which would be
both very cpu-consuming and insecure.
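
The client-side check proposed in the message above, written out as an added example (not code from the thread or from Commons Net). The class `PasvHostResolver` and its `resolve` method are hypothetical names, the "same subnet" test is approximated by checking whether the control-connection peer is itself a private address, and the sample addresses are constructed.

```java
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical helper, not part of Commons Net. */
public class PasvHostResolver {
    // Payload of a 227 reply: h1,h2,h3,h4,p1,p2 (parentheses are optional in practice)
    private static final Pattern PASV = Pattern.compile(
        "(\\d{1,3}),(\\d{1,3}),(\\d{1,3}),(\\d{1,3}),(\\d{1,3}),(\\d{1,3})");

    /** Returns the host and port the client should open the data connection to. */
    static InetSocketAddress resolve(String pasvReply, InetAddress controlPeer)
            throws UnknownHostException {
        Matcher m = PASV.matcher(pasvReply);
        if (!m.find()) {
            throw new IllegalArgumentException("Malformed PASV reply: " + pasvReply);
        }
        int[] f = new int[6];
        for (int i = 0; i < 6; i++) {
            f[i] = Integer.parseInt(m.group(i + 1));
            if (f[i] > 255) {
                throw new IllegalArgumentException("Field out of range: " + f[i]);
            }
        }
        byte[] raw = {(byte) f[0], (byte) f[1], (byte) f[2], (byte) f[3]};
        InetAddress advertised = InetAddress.getByAddress(raw); // no DNS lookup
        int port = (f[4] << 8) | f[5];

        // Assumption: a private control-connection peer means client and server
        // share a private network, so the advertised private address is reachable.
        boolean natSuspected = advertised.isSiteLocalAddress()
                && !controlPeer.isSiteLocalAddress();
        return new InetSocketAddress(natSuspected ? controlPeer : advertised, port);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values (documentation and RFC 1918 ranges).
        String reply = "227 Entering Passive Mode (192,168,1,5,195,80)";
        InetAddress publicPeer = InetAddress.getByName("203.0.113.10");
        InetAddress lanPeer = InetAddress.getByName("192.168.1.5");
        System.out.println(resolve(reply, publicPeer)); // host replaced by control peer
        System.out.println(resolve(reply, lanPeer));    // advertised host kept
    }
}
```

`InetAddress.isSiteLocalAddress()` covers the three RFC 1918 blocks for IPv4, so no hand-written range table is needed.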

