cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: FTP/SSL issue; Help!

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Sun, 5 Apr 2009 13:32:29 +0100

>"Max" <maxshop01_at_gmail.com> wrote in message
>news:a4e55e0c0904041508x7a5a63e4yfdd1ac6cd7433e6e_at_mail.gmail.com...
>So are these all issues firewall related? Is the firewall blocking
>curl from connecting? Sorry for the newbie question. I'll double-check
>with our Admin to make sure that there is no firewall.

There are two issues with "stateful" firewalls:

Firstly if address translation is done, the firewall usally analyses the ftp
command connection and looks for keywords like (E)PASV and (E)PORT and then
changes the IP-address with the translated IP-address. With an encrypted
command channel the firewall can not do that anymore. curl has
the --ftp-skip-pasv-ip option to deal with this issue for pasv connections.

Secondly the firewall usually blocks all connections, but if ftp is allowed
the firewall looks for keywords like (E)PASV and (E)PORT in the command
connection and then opens dynamically the required. Again with an encrypted
command channel the firewall can not do that and you need the configure the
firewall so that all connection on all high ports >1023 are allowed from
your client for pasv ftp.

Regards
Markus

-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-04-05