curl-users

RE: Trouble transversing two firewalls w/ passive ftp

From: Nick Harley <nickharley_at_bcbsal.org>
Date: Thu, 26 Jan 2006 13:11:13 -0600

Apparently, they're saying that if I use the passive option and the
ports they've designated are open on my firewall for transfer from their
IP address, the application will send back to the nat'd address on their
firewall which will then translate out to our address. They refuse to
budge on any configuration on their end on this so it looks like I'm
going to have to buy their software after all. Thanks for everyone's
help!

>>> Nico.Baggus_at_mail.ing.nl 1/26/2006 10:04:59 am >>>
>
> A - you block the server from connecting back to you, so you
> can't use PORT
>
> B - the server is bad and responds with a bad IP, so you
> can't use PASV
>
> Conclusion: you simply cannot speak FTP with this server unless you
> change something in the network environment. This is nothing curl can
> do anything about.

To get A working you definitely need a firewall with knowledge about the
FTP protocol.

I slightly disagree on B, the nat on the firewall is not good enough.
It should modify the response also and not just the IP packets.
(Linux Netfilter: ipt_conntrack_ftp)

A better firewall might just do the trick or configure it correctly.
A Linux firewall without the conntrack_ftp module also won't work.
And many firewalls (even the cheap ones) can be aware of this issue if
configured correctly.

Kind Regards,
Nico Baggus

Received on 2006-01-26
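
An added example, not code from this thread or from curl: the data address in a 227 reply travels inside the FTP payload, so NAT that rewrites only the IP headers leaves it untouched. This Python check parses a reply and compares the advertised address with the control-connection peer; the function names, sample replies and addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 reply format: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_TUPLE = re.compile(r"\((\d{1,3}(?:,\d{1,3}){5})\)")

# RFC 1918 ranges, listed explicitly so the check means "private LAN address".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    match = PASV_TUPLE.search(reply)
    if match is None:
        raise ValueError("no (h1,h2,h3,h4,p1,p2) tuple in reply")
    nums = [int(n) for n in match.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in reply")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def diagnose(reply, control_peer):
    """Compare the advertised data address with the control-connection peer."""
    host, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    if host == peer:
        return "ok", host, port
    host_private = any(host in net for net in RFC1918)
    peer_private = any(peer in net for net in RFC1918)
    if host_private and not peer_private:
        # The server's internal address came through: the IP headers were
        # translated but nothing rewrote the FTP payload.
        return "unrewritten-private", host, port
    return "mismatch", host, port


if __name__ == "__main__":
    # Constructed samples: 203.0.113.5 stands in for the NAT's public address.
    for line in ("227 Entering Passive Mode (10,1,2,3,195,80)",
                 "227 Entering Passive Mode (203,0,113,5,195,80)"):
        print(line, "->", diagnose(line, "203.0.113.5"))
```

An "unrewritten-private" verdict is what a client sees when the firewall in front of the server translates addresses without an FTP-aware helper.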