Subject: Re: ipnat ftp proxy: any news?
To: Matthias Scheler <tron@zhadum.de>
From: Pelle Johansson <morth@morth.org>
List: current-users
Date: 09/05/2004 14:05:46

On 2004-09-05 at 12.58, Matthias Scheler wrote:

> On Sun, Sep 05, 2004 at 12:52:00PM +0200, Pelle Johansson wrote:
>> Up until the point the client sends the EPSV ALL command. When that's
>> done it can let go of the connection, since it knows the client will
>> only use passive transfers.
>
> That's not correct:
>
> 1.) Even if the client sends a "EPSV ALL" command the FTP proxy doesn't
>     know yet whether the FTP server will accept that command.

True enough. Once the server replies positively then.

> 2.) Even if the FTP server supports passive connections the FTP client
>     might later decide to use active connections(*).

In that case it is broken, and the FTP server should not allow it. 
Quote RFC 2428:

"Upon receipt of an EPSV ALL command, the server MUST reject all data 
connection setup commands other than EPSV"

The whole point of the EPSV ALL command is to decrease the load on
firewalls/NAT. If it's found out that passive connections can't be used
after all, the client should just reconnect.

Unfortunately there are a lot of broken FTP implementations out there.
It's my firm belief that they shouldn't be encouraged, though I realise
that might not always work in the business world.
-- 
Pelle Johansson
<morth@morth.org>
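
The release condition discussed in this message (client sends EPSV ALL, then the server replies positively), sketched as a control-channel tracker. This is an added example, not part of the original message and not ipnat code; all names are hypothetical, and it assumes any 2xx final reply to EPSV ALL counts as acceptance. Replies are matched to commands in order, so a pipelined client cannot cause an earlier command's reply to be mistaken for the EPSV ALL reply.

```c
#include <ctype.h>
#include <strings.h>

/* Hypothetical proxy-side state for one FTP control connection. */
enum ctl_state { CTL_TRACK, CTL_RELEASED };

struct ctl_track {
    enum ctl_state state;
    int outstanding;   /* commands still awaiting a final reply */
    int epsv_all_pos;  /* final replies to go until EPSV ALL's; 0 = none */
};

/* Feed one command line from the client (CRLF optional). */
static void on_client_line(struct ctl_track *t, const char *line)
{
    if (t->state == CTL_RELEASED)
        return;
    t->outstanding++;
    if (strncasecmp(line, "EPSV ALL", 8) == 0 &&
        (line[8] == '\0' || line[8] == '\r' || line[8] == '\n'))
        t->epsv_all_pos = t->outstanding;
}

/* Feed one reply line from the server; returns the resulting state. */
static enum ctl_state on_server_line(struct ctl_track *t, const char *line)
{
    /* Final reply lines are "ddd " with code >= 200; "ddd-" lines are
     * continuations and 1xx replies are preliminary. A reply with no
     * command outstanding (the greeting) is ignored. */
    if (t->state == CTL_RELEASED || !isdigit((unsigned char)line[0]) ||
        !isdigit((unsigned char)line[1]) || !isdigit((unsigned char)line[2]) ||
        line[3] != ' ' || line[0] == '1' || t->outstanding == 0)
        return t->state;
    t->outstanding--;
    /* Release only when this is the reply to EPSV ALL and it is 2xx;
     * a rejected EPSV ALL leaves the connection tracked. */
    if (t->epsv_all_pos > 0 && --t->epsv_all_pos == 0 && line[0] == '2')
        t->state = CTL_RELEASED;
    return t->state;
}
```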