Subject: Re: FTP EPSV and data connections
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Pelle Johansson <morth@morth.org>
List: tech-net
Date: 09/16/2005 09:45:38
On 15 Sep 2005 at 12:21, der Mouse wrote:

> As of 2.0, and dating back at least as far as 1.4T, our FTP client
> does something interesting when using EPSV: it tries to open the data
> connection, in the TCP sense, immediately upon getting the EPSV
> response.
>

Which is how it should be, for security reasons (it's harder to
hijack the connection). I think there's an RFC about it... (2577 after a
quick lookup).


> This works fine with our ftpd, of course, and RFC 2428 contains
> language that seems to imply it's not incorrect behaviour (that the
> server is required to already be listening by the time the response is
> sent).  However, it breaks with the FTP daemon on
> download.fedora.redhat.com (or at least one of them - that name has
> four addresses) and possibly others - the symptom is that I can't
> download with "ftp download.fedora.redhat.com:/pub/....", getting "550
> Permission denied." and then a lockup.
>

It's broken. You should be able to change your port settings at any
time before the RETR, and connect as soon as it's set.
If you send the EPSV ALL command it would be fine to reject other
port commands of course.


> Even if the server really is supposed to have a listen pending right
> from EPSV time, I wonder if we may want to have the FTP client
> tolerate servers that behave this way by trying the data connection
> again when a transfer command is given if the EPSV succeeds but the
> connection is refused.
>

It could be tolerated, but should be warned about in that case.

One of the biggest problems with FTP is that there are a lot of broken
servers and clients out there.
-- 
Pelle Johansson
<morth@morth.org>
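As an added illustration of the behaviour discussed in this thread (this is example code written for this page, not the NetBSD ftp client's or any real ftpd's code), the following Python script models both sides on loopback: a toy server that either listens on the data port before sending the 229 reply (the RFC 2428 requirement) or only after RETR arrives (the broken behaviour described above), and a client that connects the data socket as soon as it has parsed the 229 reply, which is what closes the window in which someone else could connect to the advertised port. With `tolerate_late_listen=True` the client falls back to the retry-after-RETR behaviour der Mouse asks about and reports that it had to, so the caller can warn. The `229 ... (|||port|)` reply form is from RFC 2428; the server's command set, the payload and all port numbers are constructed for the example.

```python
import re
import socket
import threading

# Constructed payload served by the toy server below (not a real file).
PAYLOAD = b"hello from the data connection\r\n"

# RFC 2428 reply syntax: "229 Entering Extended Passive Mode (|||port|)"
EPSV_RE = re.compile(r"^229 .*\(\|\|\|(\d{1,5})\|\)")


def parse_epsv_reply(line):
    """Extract the data port from a 229 reply; reject anything outside the RFC 2428 form."""
    m = EPSV_RE.match(line)
    if m is None:
        raise ValueError("not an EPSV 229 reply: %r" % line)
    port = int(m.group(1))
    if not 0 < port < 65536:
        raise ValueError("data port out of range: %d" % port)
    return port


def recv_line(sock):
    """Read one CRLF-terminated control-channel line."""
    buf = b""
    while not buf.endswith(b"\r\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("control connection closed")
        buf += chunk
    return buf.decode("ascii").rstrip("\r\n")


def expect(sock, code):
    """Read a reply and check that it carries the expected three-digit code."""
    reply = recv_line(sock)
    if not reply.startswith(code):
        raise RuntimeError("expected %s, got %r" % (code, reply))
    return reply


def run_server(listen_before_reply):
    """Toy FTP-like server on 127.0.0.1 that understands only EPSV, RETR and QUIT.
    listen_before_reply=False models the broken server from the thread: it names a
    data port in the 229 reply but only calls listen() once RETR arrives."""
    ctrl_srv = socket.socket()
    ctrl_srv.bind(("127.0.0.1", 0))
    ctrl_srv.listen(1)
    ctrl_port = ctrl_srv.getsockname()[1]

    def serve():
        conn, _ = ctrl_srv.accept()
        ctrl_srv.close()
        data_srv = None
        with conn:
            conn.sendall(b"220 toy server\r\n")
            while True:
                cmd = recv_line(conn)
                if cmd == "EPSV":
                    data_srv = socket.socket()
                    data_srv.bind(("127.0.0.1", 0))  # port chosen, not yet listening
                    if listen_before_reply:
                        data_srv.listen(1)  # conformant: listening before 229 goes out
                    port = data_srv.getsockname()[1]
                    conn.sendall(("229 Entering Extended Passive Mode (|||%d|)\r\n" % port).encode())
                elif cmd.startswith("RETR "):
                    if not listen_before_reply:
                        data_srv.listen(1)  # broken: early connects were refused
                    conn.sendall(b"150 Opening data connection\r\n")
                    data, _ = data_srv.accept()
                    with data:
                        data.sendall(PAYLOAD)
                    data_srv.close()
                    conn.sendall(b"226 Transfer complete\r\n")
                elif cmd == "QUIT":
                    conn.sendall(b"221 Goodbye\r\n")
                    return

    threading.Thread(target=serve, daemon=True).start()
    return ctrl_port


def fetch(ctrl_port, path, tolerate_late_listen=False):
    """EPSV download: connect the data socket as soon as 229 is parsed; optionally
    retry after RETR if that first connect is refused. Returns (payload, late)
    where late=True means the server was not listening when it sent 229."""
    late = False
    with socket.create_connection(("127.0.0.1", ctrl_port)) as ctrl:
        expect(ctrl, "220")
        ctrl.sendall(b"EPSV\r\n")
        data_port = parse_epsv_reply(expect(ctrl, "229"))
        data = None
        try:
            # RFC 2428 requires the server to be listening by now; connecting at once
            # leaves no window for a third party to take the advertised port.
            data = socket.create_connection(("127.0.0.1", data_port), timeout=2)
        except OSError:
            if not tolerate_late_listen:
                ctrl.sendall(b"QUIT\r\n")
                expect(ctrl, "221")
                raise
            late = True  # caller should warn: server violates RFC 2428
        ctrl.sendall(("RETR %s\r\n" % path).encode())
        expect(ctrl, "150")
        if data is None:
            data = socket.create_connection(("127.0.0.1", data_port), timeout=2)
        chunks = []
        with data:
            while True:
                chunk = data.recv(4096)
                if not chunk:
                    break
                chunks.append(chunk)
        expect(ctrl, "226")
        ctrl.sendall(b"QUIT\r\n")
        expect(ctrl, "221")
    return b"".join(chunks), late


if __name__ == "__main__":
    print(fetch(run_server(True), "/pub/x"))
    print(fetch(run_server(False), "/pub/x", tolerate_late_listen=True))
```

Against the conformant server the early connect simply succeeds and the transfer proceeds; against the late-listening server the strict client gets the refusal the original post describes and aborts, while the tolerant client completes the download but flags it, which is the "tolerate it, but warn" outcome suggested in the reply. On Linux and the BSDs a connect to a port that is bound but not yet listening is refused immediately, which is what makes the toy broken server reproduce the symptom.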