cURL / Mailing Lists / curl-users / Single Mail


RE: Trouble transversing two firewalls w/ passive ftp

From: <>
Date: Thu, 26 Jan 2006 17:04:59 +0100

> A - you block the server from connecting back to you, so you
> can't use PORT
> B - the server is bad and responds with a bad IP, so you
> can't use PASV
> Conclusion: you simply cannot speak FTP with this server
> unless you change
> something in the network environment. This is nothing curl
> can do anything
> about.

To get A working you definitly need a firewall with knowlegde about the FTP

I sleightly disagree on B, the nat on the firewall is not good enough.
It should modiy the response also and not just the IP packets.
(Linux Netfilter: ipt_conntrack_ftp)

A better firewall might just do the trick or configure it correctly.
A linux firewall without the conntrack_ftp module also won't work.
And many firewalls (even the cheap ones) can be aware of this issue if
configured correctly.

Kind Regards,
Nico Baggus
The information in this electronic mail message is private and
confidential, and only intended for the addressee. Should you
receive this message by mistake, you are hereby notified that
any disclosure, reproduction, distribution or use of this
message is strictly prohibited. Please inform the sender by
reply transmission and delete the message without copying or
opening it.

Messages and attachments are scanned for all viruses known.
If this message contains password-protected attachments, the
files have NOT been scanned for viruses by the ING mail domain.
Always scan attachments before opening them.
Received on 2006-01-26