curl-users

curl vs. socks5

From: Jochen Hayek <Jochen+curl_at_Hayek.name>
Date: Mon, 12 Feb 2007 14:46:44 +0100

>>>>> "DS" == Daniel Stenberg <daniel_at_haxx.se> writes:

    DS> I think your problem is rather the combination socks + ftp, which I
    DS> believe never has worked.

>> I have no idea, why I get "425 Unable to build data connection:
>> Connection refused" after that "NLST".
>>
>> Anybody any idea?

    DS> Yes, you tell the server to connect to a private IP address:

    DS> PORT 10,0,4,119,180,254

Yes, it looks like that -- but when the socks server goes through the NAT router, everything is fine.
Today's NAT routers are wonderful little (Linux) machines :-)

So that private IP address should not be a problem.

Look here -- an example of a "socksified ftp", also active mode etc. :

    [2007-02-12 14:23:24] johayek_at_HayekJ $ socksify ftp -A -n ftp.this_domain.com
    Connected to efg.this_domain.com.
    220 ... FTP server
    ftp> debug
    Debugging on (debug=1).
    ftp> user this_user this_password
    ---> USER this_user
    331 Password required for this_user.
    ---> PASS XXXX
    230 User this_user logged in.
    ---> SYST
    215 UNIX Type: L8
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ---> FEAT
    211-Features:
     MDTM
     REST STREAM
     SIZE
    211 End
    features[0] = 1
    features[1] = 1
    features[2] = 0
    features[3] = 1
    features[4] = 1
    features[5] = 0
    ftp> epsv4
    EPSV/EPRT on IPv4 off.
    ftp> dir
    ftp: setsockopt (ignored): Permission denied
    ---> PORT 10,0,4,117,154,66
    200 PORT command successful
    ---> LIST
    150 Opening ASCII mode data connection for file list
    -rw-rw-rw- 1 8134 5405 38709 Dec 13 23:27 GILB_Constits_061213.csv
    [...]

    DS> This can't be done, so you need to tell curl your external IP.

Apparently the NAT firewall does "the right thing".

Here are two more variants of calling curl and trying to go through the socks server -- "'invisibly' socksified curl" and natively socksified curl
(socksify replaces our address 10.0.4.119 by the local address of the socks server host 10.0.4.117):

    [2007-02-12 14:11:34] johayek@HayekJ $ socksify curl --verbose --ftp-port - --disable-eprt --list-only ftp://this_user:this_password@ftp.this_domain.com
    * About to connect() to ftp.this_domain.com port 21
    * Trying 151.208.126.140... connected
    * Connected to ftp.this_domain.com (151.208.126.140) port 21
    < 220 ... FTP server
    > USER this_user
    < 331 Password required for this_user.
    > PASS this_password
    < 230 User this_user logged in.
    > PWD
    < 257 "/" is current directory.
    * Entry path is '/'
    > PORT 10,0,4,117,157,99
    < 200 PORT command successful
    * Connect data stream actively
    > TYPE A
    < 200 Type set to A
    > NLST
    < 150 Opening ASCII mode data connection for file list
    [timing out after a while]

    [2007-02-12 14:17:30] johayek@HayekJ $ /usr/local/src/tmp/curl-7.16.1-20070208/src/curl --socks5 10.0.4.117:1080 --verbose --ftp-port HayekH --disable-eprt --list-only ftp://this_user:this_password@ftp.this_domain.com
    * About to connect() to proxy HayekH port 1080 (#0)
    * Trying 10.0.4.117... connected
    * Connected to HayekH (10.0.4.117) port 1080 (#0)
    < 220 ... FTP server
    > USER this_user
    < 331 Password required for this_user.
    > PASS this_password
    < 230 User this_user logged in.
    > PWD
    < 257 "/" is current directory.
    * Entry path is '/'
    > PORT 10,0,4,117,234,120
    < 200 PORT command successful
    * Connect data stream actively
    > TYPE A
    < 200 Type set to A
    > NLST
    < 425 Unable to build data connection: Connection refused
    * RETR response: 425
    * Connection #0 to host ftp.this_domain.com left intact
    curl: (19) RETR response: 425
    > QUIT
    < 221 Goodbye.
    * Closing connection #0

Maybe with what we see (resp. think), how ftp deals with "setsockopt (ignored): Permission denied",
we can improve curl's way?

Alright, alright "NLST" is not the same as "LIST",
but actually if "LIST -1" (for "ls -1") does the right thing for me in this case,
I would be fine using that instead, if I knew how to tell curl resp. libcurl.

Jochen
Received on 2007-02-12
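
An added example, not part of the original message and not curl's own code: a small Python audit that pulls the `PORT h1,h2,h3,h4,p1,p2` commands out of an FTP or `curl --verbose` transcript, decodes the address and TCP port the server is being asked to connect back to, and marks whether that address is globally routable. The function names are hypothetical; the sample lines are the PORT commands shown in this thread plus one constructed contrast line.

```python
import ipaddress
import re

# "PORT h1,h2,h3,h4,p1,p2" (RFC 959); reply text such as
# "200 PORT command successful" does not match because no digits follow.
PORT_RE = re.compile(r"\bPORT\s+(\d{1,3}(?:,\d{1,3}){5})\b")

def decode_port_arg(arg):
    """Return (IPv4Address, tcp_port) for a PORT argument string."""
    nums = [int(n) for n in arg.split(",")]
    if len(nums) != 6 or any(n > 255 for n in nums):
        raise ValueError(f"malformed PORT argument: {arg!r}")
    addr = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return addr, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2

def audit_transcript(text):
    """Return [(address, port, globally_routable)] for each PORT command."""
    results = []
    for line in text.splitlines():
        m = PORT_RE.search(line)
        if not m:
            continue
        try:
            addr, port = decode_port_arg(m.group(1))
        except ValueError:
            continue  # skip octets above 255 rather than abort the audit
        results.append((str(addr), port, addr.is_global))
    return results

# PORT lines as they appear in this thread; the last line is constructed
# to show a globally routable address for contrast.
SAMPLE = """\
---> PORT 10,0,4,117,154,66
200 PORT command successful
> PORT 10,0,4,117,157,99
> PORT 10,0,4,117,234,120
DS> PORT 10,0,4,119,180,254
> PORT 151,208,126,140,4,1
"""

if __name__ == "__main__":
    for addr, port, routable in audit_transcript(SAMPLE):
        note = "globally routable" if routable else "NOT globally routable"
        print(f"{addr}:{port}  {note}")
```
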