incubator-ftpserver-dev mailing list archives

From Clinton Foster <cfos...@us.axway.com>
Subject Allow configuring IP address for PASV response
Date Tue, 06 Feb 2007 22:44:41 GMT
I'm working from a code base just before the MINA changes were checked in,
so please forgive me if this has been corrected...

As far as I can tell, there is no way to configure the IP address returned
in response to the PASV command. The config.data-connection.passive.address
configuration parameter allows configuring which local network interface the
server should accept data connections on. But if the server is behind a
firewall, the address it returns must be an external address, not a local
address like 10.10.1.2.

Given the way the code is now, it will only work with firewalls that are
smart enough to sniff the control connection and automatically rewrite the
correct external address in the PASV responses. Fortunately many firewalls
these days can do this. But obviously it won't work if the control
connection is running over SSL. So there has to be a configuration value
for specifying the external address for PASV responses.

Ideally, the server should also notice if the client's control connection
came from a local address, and if so return the local address instead of the
external address. This allows local clients to make passive data connections
to the server even if the external address is not resolvable for them.

I have added a config.data-connection.passive.external-address configuration
parameter to implement this behavior. It required updating the following
classes: DataConnectionConfig, DefaultDataConnectionConfig,
FtpDataConnection, and PASV.

Does this change make sense to everyone? If so, what would be the best way
for me to go about submitting it for review?

Clint Foster
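
The address selection described in the message, as an added example that is not part of the original post and not Apache FtpServer code: the class `PasvAddressSelector` and its method names are hypothetical, and "local client" is assumed to mean a loopback, link-local or RFC 1918 source address. The sample addresses are constructed (10.10.1.2 is the one quoted in the message; the others are documentation-range addresses).

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

// Hypothetical helper illustrating the proposal; not the project's own code.
public class PasvAddressSelector {
    private final InetAddress localAddress;    // interface the data listener is bound to
    private final InetAddress externalAddress; // address outside the firewall, or null if unset

    public PasvAddressSelector(InetAddress localAddress, InetAddress externalAddress) {
        this.localAddress = localAddress;
        this.externalAddress = externalAddress;
    }

    // Assumption: a client is "local" if its control connection comes from a
    // loopback, link-local or site-local (RFC 1918) address.
    static boolean isLocalClient(InetAddress client) {
        return client.isLoopbackAddress()
                || client.isLinkLocalAddress()
                || client.isSiteLocalAddress();
    }

    // Local clients get the local address; everyone else gets the external
    // address when one is configured.
    public InetAddress addressFor(InetAddress client) {
        if (externalAddress == null || isLocalClient(client)) {
            return localAddress;
        }
        return externalAddress;
    }

    // Builds the 227 reply; PASV can only carry a 4-byte IPv4 address.
    public String pasvReply(InetAddress client, int port) {
        byte[] a = addressFor(client).getAddress();
        if (a.length != 4) {
            throw new IllegalStateException("PASV reply requires an IPv4 address");
        }
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("port out of range: " + port);
        }
        return String.format("227 Entering Passive Mode (%d,%d,%d,%d,%d,%d)",
                a[0] & 0xff, a[1] & 0xff, a[2] & 0xff, a[3] & 0xff, port >> 8, port & 0xff);
    }

    public static void main(String[] args) throws UnknownHostException {
        PasvAddressSelector s = new PasvAddressSelector(
                InetAddress.getByName("10.10.1.2"), InetAddress.getByName("203.0.113.10"));
        System.out.println(s.pasvReply(InetAddress.getByName("10.10.1.50"), 50000));   // internal client
        System.out.println(s.pasvReply(InetAddress.getByName("198.51.100.7"), 50000)); // external client
    }
}
```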

