Changelog Development Documentation Download libcurl Mailing Lists News
cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: FTP/SSL issue; Help!

From: Max <maxshop01_at_gmail.com>
Date: Mon, 6 Apr 2009 13:51:40 -0400

Thanks Marcus. I got confirmation from the Admin that there is a
firewall indeed.

We are not having any issues for regular passive FTP (i.e. non-SSL)
connections to other FTP sites. I believe that this is because the
command channel is not encrypted and the firewall can determine
accordingly. Right?

As for the FTP with SSL connection issue, is opening the "high" TCP
ports >1023 the only solution?

Thanks again.

On Sun, Apr 5, 2009 at 8:32 AM, Markus Moeller <huaraz_at_moeller.plus.com> wrote:
>
>> "Max" <maxshop01_at_gmail.com> wrote in message
>> news:a4e55e0c0904041508x7a5a63e4yfdd1ac6cd7433e6e_at_mail.gmail.com...
>> So are these all issues firewall related? Is the firewall blocking
>> curl from connecting? Sorry for the newbie question. I'll double-check
>> with our Admin to make sure that there is no firewall.
>
>
> There are two issues with "stateful" firewalls:
>
> Firstly if address translation is done, the firewall usally analyses the ftp
> command connection and looks for keywords like (E)PASV and (E)PORT and then
> changes the IP-address with the translated IP-address. With an encrypted
> command channel the firewall can not do that anymore. curl has the
> --ftp-skip-pasv-ip option to deal with this issue for pasv connections.
>
> Secondly the firewall usually blocks all connections, but if ftp is allowed
> the firewall looks for keywords like (E)PASV and (E)PORT in the command
> connection and then opens dynamically the required. Again with an encrypted
> command channel the firewall can not do that and you need the configure the
> firewall so that all connection on all high ports >1023 are allowed from
> your client for pasv ftp.
>
> Regards
> Markus
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
> FAQ:        http://curl.haxx.se/docs/faq.html
> Etiquette:  http://curl.haxx.se/mail/etiquette.html
>
-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-04-06