curl-users

RE: connection and security -- a question

From: Roth, Kevin P. <KPRoth_at_MAPLLC.com>
Date: Fri, 30 May 2003 14:29:27 -0400

This doesn't sound like a curl problem...

Are you able to use a normal FTP client to connect to your FTP
server? If you don't already have your own personal favorite,
I recommend FileZilla (look on sourceforge for it).

FTP works with a "control" channel, on port 21, as well as
a "data" channel on some other port. In passive mode FTP,
the client asks the server to specify a port number, to which
the client will then connect. In active mode, the client
specifies an IP and port, and the server then connects back
to the client on that port.

Some servers permit you to limit the port range they will
use for PASV mode transfers. The curl client ought to
allow you to specify a PORT "range" (using the -P command),
but it appears that it doesn't. Perhaps there's room for
improvement here?

  (Daniel - how hard would it be to change -P/--ftpport
   to accept something like "129.1.2.3:2345" or
   "eth0:2345-2348"?)

Most firewalls, if they support FTP, do so using some kind
of Stateful Inspection mechanism, whereby the FTP traffic
is watched, and the port number selected (in the PORT
command) is temporarily "opened" between the proper
IP addresses. NAT devices do the same thing, and
automatically map the port to the proper internal
IP address.

Hope that helps a little,
- Kevin

-----Original Message-----
From: Carter Harris [mailto:carter-lists_at_technettn.net]
Sent: Friday, May 30, 2003 12:15 PM
To: curl-users_at_lists.sourceforge.net
Subject: connection and security -- a question

I'm trying to configure curl to upload a file to an FTP server. Both
the client and the server are behind routers with only selected ports
open (i.e. ports backed by secure software).

The command I am using is:

Curl -u <uid>:<pwd> -P a -T c:\bakup\data\bakfil.zip ftp://<ftpaddress>

I included the -v switch to get the following:

* About to connect() to <ftpaddress>:21
* Connected to <ftpaddress> (xxx.xxx.xxx.xxx) port 21
> USER <uid>
> PASS <pwd>
* Entry path is '/c:/'
* Telling server to connect to yyy.yyy.yyy.yyy:3206
> PORT yyy,yyy,yyy,yyy,12,134
* Ordered connect of the data stream with PORT!
> TYPE I
> STOR bakfil.zip
* Timeout while waiting for server connect
Curl: (30) Timeout while waiting for server connect
* Closing connection #0

Since both of these computers are web servers I have a security
problem--how do I complete this connection without compromising security
on either end. (I currently backup every open port with software that
requires some type of security--a login for example.) I feel like the
problem is that the connection on port 3206 (whatever port is
assigned--it varies) cannot be done because that port is not open on the
client machine. I opened a port on the client machine and tried to
specify the port as part of the IP Address following the -P switch but
it didn't seem to work. The man page says "In practice, PORT tells the
server to connect to the client's specified address and port, while PASV
asks the server for an ip address and port to connect to."

Am I thinking clearly here? Is there a way to specify the port to use?
Any suggestions on how to do this would be appreciated.

Carter

Received on 2003-05-31
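
An added example, not part of the thread or of curl: a sketch of the bookkeeping a stateful FTP inspector does with the control channel described above. It decodes the h1,h2,h3,h4,p1,p2 field (the 12,134 in the log is 12*256+134 = 3206) and returns the single data connection to permit. The function names, the allowed_ports parameter and the sample addresses are assumptions made for the illustration.

```python
import re

# Matches the h1,h2,h3,h4,p1,p2 field used by PORT and by the 227 PASV reply.
_HOSTPORT = re.compile(r"(?<!\d)" + r",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def decode_hostport(text):
    """Return (ip, port) decoded from a PORT command or a 227 reply."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field found")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field value above 255")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def pinhole(line, client_ip, server_ip, allowed_ports=range(1024, 65536)):
    """Return (src_ip, dst_ip, dst_port) to open temporarily, or None.

    allowed_ports is a hypothetical policy knob, not something curl or any
    particular firewall exposes under that name.
    """
    verb = line.split(" ", 1)[0].upper()
    if verb == "PORT":        # active mode: the server connects back to the client
        src, expected = server_ip, client_ip
    elif verb == "227":       # passive mode: the client connects to the server
        src, expected = client_ip, server_ip
    else:
        return None           # not a line that negotiates a data channel
    ip, port = decode_hostport(line)
    if ip != expected:
        raise ValueError(f"advertised address {ip} is not the control peer {expected}")
    if port not in allowed_ports:
        raise ValueError(f"port {port} is outside the permitted range")
    return src, ip, port

# Constructed control-channel lines; addresses are documentation ranges.
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
if __name__ == "__main__":
    for line in ("PORT 192,0,2,10,12,134",
                 "TYPE I",
                 "227 Entering Passive Mode (198,51,100,5,195,80)"):
        print(line, "->", pinhole(line, CLIENT, SERVER))
```
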