passive mode need to ignore IP returned from server - Protocols


  1. passive mode need to ignore IP returned from server

    I am connecting to a server that has 2 IP addresses (external and
    internal LAN). The server is configured to return the LAN IP.

    When I open a ftp session, I can connect and login to the server.
    > ftp open 32.97.xxx.xxx 21


    When I switch to passive mode and open a data connection, the server
    returns the LAN IP.
    > FTP RCVD [227 Entering Passive Mode (172,17,31,25,38,252)]

    ( IP = 172.17.31.25 , port = 38*256+252 = 9980 )

    The LAN IP (172.17.31.25) uses a private IP network range and is not
    reachable from the outside world, but all I really need is the port
    number (9980).

    How can I get kermit to use the port number (9980), but continue to use
    the server name/IP that I originally used to start the FTP session?

    I found another FTP client that recognizes that the IP address returned
    from the server is different than the original IP and switches the IP
    back to the correct address. Is there an option to do this in kermit?

    Thanks, LT


  2. Re: passive mode need to ignore IP returned from server

    LT wrote:
    > I am connecting to a server that has 2 IP addresses (external and
    > internal LAN). The server is configured to return the LAN IP.
    >
    > When I open a ftp session, I can connect and login to the server.
    > > ftp open 32.97.xxx.xxx 21
    >
    > When I switch to passive mode and open a data connection, the server
    > returns the LAN IP.
    > > FTP RCVD [227 Entering Passive Mode (172,17,31,25,38,252)]
    >
    > ( IP = 172.17.31.25 , port = 38*256+252 = 9980 )
    >
    > The LAN IP (172.17.31.25) uses a private IP network range and is not
    > reachable from the outside world, but all I really need is the port
    > number (9980).
    >
    > How can I get kermit to use the port number (9980), but continue to use
    > the server name/IP that I originally used to start the FTP session?
    >
    > I found another FTP client that recognizes that the IP address returned
    > from the server is different than the original IP and switches the IP
    > back to the correct address. Is there an option
    > to do this in kermit?
    >
    > Thanks, LT


    That other FTP client would be broken. The idea in FTP is that there
    can be more than two parties to each file transfer. It is perfectly
    acceptable for the server to report an alternate address to have the
    file sent to. In this case, the server should be programmed to send
    the correct IP address. If the server is multi-homed, then the server
    should detect the address that is bound to the socket associated with
    the command channel. If the connection is coming through a NAT, the
    server should support SOCKS and obtain the correct IP address from the
    NAT for the port that was opened.

    Now, C-Kermit could of course be hacked to behave the same way as the
    other client. The source code is publicly available. The source file
    you want to look at is ckcftp.c

    Jeffrey Altman


    --
    -----------------
    This e-mail account is not read on a regular basis.
    Please send private responses to jaltman at mit dot edu

  3. Re: passive mode need to ignore IP returned from server

    I kind of figured that was going to be the solution...

    I changed ckcftp.c and recompiled. Everything is working now.
    I copied the changes below as an FYI.
    Thanks, LT



    #endif /* NOHTTP */
        {
            /** LT - ADDED, we already know the server IP, so use the
             ** current control address as the data address,
             ** replace the control port with the port from the
             ** passive request.
             **/
            memcpy(&data_addr,&hisctladdr,sizeof(struct sockaddr_in));
            data_addr.sin_family = AF_INET;
            /** data_addr.sin_addr.s_addr = htonl((a1<<24)|(a2<<16)|(a3<<8)|a4); */
            data_addr.sin_port = htons((p1<<8)|p2);

            if (connect(data,
                        (struct sockaddr *)&data_addr,
                        sizeof(data_addr)) < 0
                ) {
                perror("ftp: connect");
                return(-1);
            }
        }
        debug(F100,"initconn connect ok","",0);


    $ make linux+openssl


    $ diff ../ckcftp.c ckcftp.c
    12749a12750,12754
    > /** LT - ADDED, we already know the server IP, so use the
    > ** current control address as the data address,
    > ** replace the control port with the port from the passive request.
    > **/
    > memcpy(&data_addr,&hisctladdr,sizeof(struct sockaddr_in));
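
Review bot: the memcpy from hisctladdr is unconditional, so every passive data connection now goes to the control peer, including the case raised earlier in the thread where a server deliberately names a different data host. Put the substitution behind a user-settable option, or apply it only when the address in the 227 reply differs from the control peer. The copy length is sizeof(struct sockaddr_in), which assumes hisctladdr holds an IPv4 address; checking its family before the copy would make that assumption explicit.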

    12751c12756
    < data_addr.sin_addr.s_addr =
    htonl((a1<<24)|(a2<<16)|(a3<<8)|a4);
    ---
    > /** data_addr.sin_addr.s_addr = htonl((a1<<24)|(a2<<16)|(a3<<8)|a4); */
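
Review bot: the old sin_addr assignment is left in place as a commented-out line, so the address the server advertised in a1..a4 is silently dropped in the lines shown. Delete the line instead of commenting it out, and record the ignored address with a debug() call next to the existing "initconn connect ok" entry so that a mismatch between the advertised and the used address is visible in the debug log.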


