cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: EPSV vs PASV

From: Leo <leo.r_at_rogers.com>
Date: Sat, 05 Feb 2011 14:23:01 -0500

On 1/20/11 8:58:48 AM, Daniel Stenberg wrote:
> On Thu, 20 Jan 2011, Michael Wood wrote:
>
>> OK, so the server thinks there's nothing wrong with EPSV, but libcurl
>> couldn't connect, so when libcurl retried with PASV, the server says
>> "Hey! What are you doing? You already asked me to open a port for
>> EPSV and now you want me to open another one for PASV???"
>>
>> I think the only way libcurl can deal with this is to close the
>> control channel after the EPSV failed and then open a new one when
>> trying the PASV. Unless maybe an ABOR command would work. But, first
>> try the latest version of libcurl, because it might already do
>> something like this. I have not checked.
>
> You're right, after the failed connect I suppose libcurl needs to do
> either an ABOR or a complete close, and it doesn't do any of that now
> even in the current version.
>
> However, judging from that output, it wouldn't completely solve this
> issue as it takes 75 seconds to fail anyway. That failure seems to be
> network-related (like a firewall) and just about the only way to avoid
> that problem is to not even try EPSV...
>
Hi,

I'm back with the EPSV vs PASV issue - thanks again Daniel and Michael
for making this issue more clear.

So here's my findings so far:

-About 15 servers that don't like EPSV were reported. curl tries to
connect with EPSV, then switches to PASV after a 75 sec wait and either
fails (as in my previous example) or connects. If EPSV is disabled, curl
connects with no problems.

Here's an example of successful connection after waiting 75 sec and
switching to PASV:

* About to connect() to 145.243.189.65 port 21 (#0)
* Trying 145.243.189.65... connected
* Connected to 145.243.189.65 (145.243.189.65) port 21 (#0)
< 220 FTP Server 205 ready.
> USER FBISP
< 331 Please specify the password.
> PASS <***>
< 230 Login successful.
> PWD
< 257 "/"
* Entry path is '/'
> EPSV
* Connect data stream passively
< 229 Entering Extended Passive Mode (|||24440|)

<75 sec wait>

* Trying 145.243.189.65... Operation timed out
* couldn't connect to host
* got positive EPSV response, but can't connect. Disabling EPSV
> PASV
< 227 Entering Passive Mode (145,243,189,65,131,198)
* Trying 145.243.189.65... connected
* Connecting to 145.243.189.65 (145.243.189.65) port 33734
> TYPE A
< 200 Switching to ASCII mode.
> LIST
< 150 Here comes the directory listing.
* Maxdownload = -1
-rw-r--r-- 1 ftp ftp 2129482 Jan 30 17:38
GES_KU_STU300111_019.JPG
-rw-r--r-- 1 ftp ftp 2170928 Jan 30 17:39
GES_KU_STU300111_020.JPG
drwxr-xr-x 2 ftp ftp 1024 Jan 30 03:10 MSSP_Pauli-K?ln
drwxr-xr-x 2 ftp ftp 512 Jan 30 08:35 Pauli_K?ln
drwxr-xr-x 3 ftp ftp 1536 Jan 30 17:17 _gsdata_
-rw-r--r-- 1 ftp ftp 1641858 Jan 30 16:36
rudel_vfb-freiburg35.jpg
-rw-r--r-- 1 ftp ftp 421952 Jan 30 17:39
rudel_vfb-freiburg38.jpg
-rw-r--r-- 1 ftp ftp 588405 Jan 30 16:38
rudel_vfb-freiburg39.jpg
* Remembering we are in dir ""
< 226 Directory send OK.
* Connection #0 to host 145.243.189.65 left intact
> QUIT
< 221 Goodbye.
* Closing connection #0

-One server that does exactly the opposite: it doesn't accept PASV. curl
can only connect with EPSV enabled. I know that this server is behind a
small Firewall and it's Windows 2008 64 bit Microsoft FTP Service from
IIS 7 (if it makes any difference).

Here's a log of connection attempt with EPSV disabled:

* About to connect() to www.xeen3d.de port 21 (#0)
* Trying 87.193.152.189... connected
* Connected to www.xeen3d.de (87.193.152.189) port 21 (#0)
< 220 ----------------------- xeen3d -------------------------
> USER ftptest
< 331 Password required for ftptest.
> PASS <***>
< 230-Welcome to xeen3d FTP Server
< Directory has 28,281,733,120 bytes of disk space available.
< 230 User logged in.
> PWD
< 257 "/" is current directory.
* Entry path is '/'
> PASV
* Connect data stream passively
< 227 Entering Passive Mode (87,193,152,189,19,141).

<75 sec wait>

* Trying 87.193.152.189... Operation timed out
* couldn't connect to host
* Closing connection #0
curl: (7) couldn't connect to host

-Other FTP clients I tried (Cyberduck and Transmit) connect to all sites
with no problems.

I'm on Mac OS X 10.5.8, still with libcurl 7.16.3 - but from what Daniel
said I understand that later versions wouldn't change anything in this area.

So is there a way to make curl choose the correct method (EPSV/PASV)
automatically? Am I missing something? (BTW, the same question applies
to choosing between passive and active mode).

I LOVE curl, but obviously I want to understand why I can't achieve
something that other FTP clients can - and if I can achieve this, then
what am I doing wrong?

Thanks,
Leo

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-02-05