Re: EPSV vs PASV
Date: Wed, 09 Feb 2011 15:26:55 -0500
Thanks for the detailed analysis, Michael.
On 2/5/11 3:16:18 PM, Michael Wood wrote:
> Have you tried "--ftp-port -" with the servers you need to talk to?
> Are you always running this from the same client or are multiple
> clients involved? If multiple clients are involved, then the firewall
> on the client becomes more important when using --ftp-port, because
> the server will have to make a connection back to the client and the
> client's firewall might not allow the incoming connection from the
Yes, I did try active mode ("--ftp-port -") just in case, and it didn't
work with the servers that dislike EPSV. It just gets to this point and
* Connect data stream actively
> TYPE A
< 200 TYPE is now ASCII
I did some research and it's a known issue with the active mode.
Anyway I thought that active mode is a thing of the past and used very
rarely (that's at least my experience). Some 3 years ago I worked at a
large Canadian ad agency and we had over a thousand FTP destinations
(publications, service providers etc.), and only 2 or 3 required active
mode. With the current project I only heard about one site that required
active mode in the last 2 years.
That's also why I doubt that other FTP clients use active mode. As far
as I understand, passive mode is the widely accepted default.
>> I LOVE curl, but obviously I want to understand why I can't achieve
>> something that other FTP clients can - and if I can achieve this, then what
>> am I doing wrong?
> Well in order to answer that question, it is necessary to find out
> what these other FTP clients are doing differently. Perhaps you can
> capture the network traffic between the client and server when running
> these other FTP clients and use Wireshark to see what they do
> differently from libcurl.
Here's two Cyberduck logs for the servers I described before. Cyberduck
connects to both of them instantly.
Do these logs help understanding anything?
1. This server doesn't like EPSV:
220 FTP Server 205 ready.
331 Please specify the password.
230 Login successful.
200 NOOP ok.
215 UNIX Type: L8
-rw-r--r-- 1 ftp ftp 283240 Nov 20 17:02
drwxr-xr-x 2 ftp ftp 1024 Feb 06 06:30
213 End of status
2. This server only likes EPSV and dislikes PASV:
220 ----------------------- xeen3d -------------------------
211-Extended features supported:
331 Password required for ftptest.
230-Welcome to xeen3d FTP Server
Directory has 28,280,451,072 bytes of disk space available.
230 User logged in.
OPTS UTF8 ON
200 OPTS UTF8 command successful - UTF8 encoding now ON.
257 "/" is current directory.
200 NOOP command successful.
213-status of /:
drwxrwxrwx 1 owner group 0 Dec 11 2010
-rwxrwxrwx 1 owner group 76464 Dec 8 2008
-rwxrwxrwx 1 owner group 930 Jan 3 0:10 web.config
213 End of status.
As a last test, I tried to connect with Firefox, and it could not
connect to the site that requires EPSV - which makes me think that
whatever FTP engine Firefox uses, it has EPSV disabled by default.
> You could try contacting the people who look after the network where
> each server lives and convince them that there is a problem and hope
> they fix it. You could also try using --ftp-port and see if that
> helps. Otherwise you could build up a list of known servers and the
> options that are known to work with them and then be prepared to
> update that list when things change. You could perhaps update the
> list automatically if you detect a timeout with EPSV for a particular
> server and that PASV works for example
>> Am I missing something? (BTW, the same question applies to
>> choosing between passive and active mode).
> Indeed :)
Thanks - so at this point, I think that I'll just do this:
-Disable EPSV by default: it looks like it will work in almost all cases.
-Hardcode that one site that requires EPSV and the one that requires
Not very elegant, but if it works for now...
I may also add a pop-up menu with 3 connection mode choices:
and advise users to try to change the mode if the connection could not
But still I'm curious if those Cyberduck logs help understand how it
connects to both sites seemingly automatically?
List admin: http://cool.haxx.se/list/listinfo/curl-library
Received on 2011-02-09