ftp4che / Bugs / #31 Passive Mode where the NAT server is not translating the IP

#31 Passive Mode where the NAT server is not translating the IP

Milestone: v1.0_(example)

Status: closed-fixed

Owner: nobody

Labels: None

Priority: 5

Updated: 2016-02-25

Created: 2008-02-01

Creator: Isabel Mendez

Private: No

If the IP replied by the server with the PASV command is not translated by the NAT server, the data socket cannot be opened.

If it is not possible to add those rules to the NAT server due to security constraints, you can use this modified version of FTPConnection.java where the method sendPassiveMode() is using the original IP or DNS provided in the host property and the port given by the server in the PASV command to open the data socket (lines 688 - 691).

This change also can resolve the vulnerability of the client due to the PASV command.

Discussion

Isabel Mendez - 2008-02-01

FTPConnection.java modified

FTPConnection.java

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Kevin C. - 2014-10-21

Any updates on this? Or particular reason this patch was never accepted? We're encountering the same issue.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Arnold Maderthaner - 2016-02-25

provided by public void setOverrideHostForPassiveConnections(InetAddress overridePassiveAddress) in version 1.0

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Arnold Maderthaner - 2016-02-25

status: open --> closed-fixed

Group: --> v1.0_(example)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Passive Mode where the NAT server is not translating the IP

Group

Searches

Help

#31 Passive Mode where the NAT server is not translating the IP

Discussion