Re: EPSV vs PASV
Date: Thu, 10 Feb 2011 23:05:45 -0500
On 2/9/11 4:37:17 PM, Daniel Stenberg wrote:
> On Wed, 9 Feb 2011, Leo wrote:
>> STAT /
>> But still I'm curious if those Cyberduck logs help understand how it
>> connects to both sites seemingly automatically?
> It works without doing PASV or EPSV when doing directory listings by
> the STAT command as shown up here. STAT sends contents over the
> control connection instead of over a separate data connection (a
> method that libcurl doesn't yet support).
> If you do a file transfer instead of a directory listing it might act
Ha! You're right.
I never actually tried to transfer anything, just listed directory,
thinking the result must be the same.
So when I tried to transfer a file, Cyberduck could NOT send it to the
EPSV-liking site (even after listing directory). I had to switch
connection mode from Default to Active to enable transfer.
But anyway, it looks like I got there!
After Cyberduck, I checked Transmit - and it could list and transfer
files everywhere without changing anything.
I looked at the transcript, and noticed this everywhere:
200: PORT command successful. <Consider using PASV.>
which seemed to confirm Michael's suggestion that active mode
(--ftp-port) is universally used... But why it didn't work for me with
certain servers when using curl?
But then I recalled a little detail I forgot - and a little mix-up of
terminology doesn't make it easier :) - that --ftp-port doesn't imply
the PORT command, because the default is EPRT and you need to disable it
to use PORT.
So I added --disable-eprt and it seems to work with any server.
So the answer is active mode with the PORT command, just as Michael
suggested (+ EPRT suppressed)...
That is unless we have to deal with an issue that Michael mentioned (and
I did some more research to understand it better):
> If multiple clients are involved, then the firewall
> on the client becomes more important when using --ftp-port, because
> the server will have to make a connection back to the client and the
> client's firewall might not allow the incoming connection from the
So I activated firewall on my Mac, and naturally neither Transmit nor my
program couldn't connect anywhere, with Transmit giving a proper warning:
"Error accepting data connection. This could be a problem with firewall
or proxy configuration. Try passive mode."
Transmit also has a preference to use Passive (PASV) mode.
Choosing PASV allowed most connections, but it still could NOT connect
to the EPSV-liking site (as expected).
Bottom line: there's nothing "magic" about those FTP clients, they work
exactly the same way as curl, just set initially to different
defaults... which is something you told me from the beginning. :)
Now I just need to pick my preferred default settings and let users
change them if required.
Anyway, the picture is now clear - thanks a lot Daniel and Michael for
all the great help with the issue! I can deal with the connection modes
on a conscious level now. :)
List admin: http://cool.haxx.se/list/listinfo/curl-library
Received on 2011-02-11