Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: ftp/tls +PASV +NAT
17 Jun 2008 01:06:34 GMT (Yutaka Sato)
The DeleGate Project

In message <_A4003@delegate-en.ML_> on 06/17/08(05:14:42)
you Darin Perusich <> wrote:
 |On 06/12/08(04:56) you Darin Perusich <> wrote
 |in <_A4000@delegate-en.ML_>
 ||First, if possible, you should set up your client to use EPSV instead of
 ||PASV. Unlike PASV, the EPSV response does not include the address of 
 ||the FTP server but only shows the port number, like "229 Extended 
 ||Passive Mode (|||12346|)" instead of "227 Entering Passive Mode 
 ||(11,22,33,44,482,64)." for PASV. Thus the destination address of the 
 ||data connection will be that of the current control connection 
 ||automatically, and you will not be bothered with it.
 |The server I'm connecting to doesn't support EPSV mode so this won't 
 |work. They are running a rather old version of WS_FTP.

The command for data-connection establishment is hop-by-hop thus the
command with the server is independent from the one with the client.
For example, it can be EPSV with client and PASV with the server.

  client ---EPSV--- DeleGate ----PASV---- server

 ||You need to specify your external IP address ( as this:
 ||  SRCIF="*:tcpbound"
 |I tried setting this but it didn't make any difference, the connection 
 |still timed out.

If your DeleGate is within a firewall, it should be set up to pass the
port numbers for PASV assigned by DeleGate.  You can add another SRCIF
to restrict the range of the port numbers (2048-2064 for example) to be
assigned as this:


You can confirm it is working as this:

  % telnet delegate port
  227 Entering Passive Mode (11,22,33,44,8,0)

The LOGFILE of DeleGate (with -vd option) will record as this:

06/17 10:03:35.99 [22651] 1+0/1: CLIENT-SAYS: pasv^M
06/17 10:03:35.99 [22651] 1+0/1: SRCIF=*:2048-2064 [ftp-data-pasv://]
06/17 10:03:35.99 [22651] 1+0/1: FTP-control-remote: [27]
06/17 10:03:35.99 [22651] 1+0/1: ##NOT ViaSocks-B##
06/17 10:03:36.04 [22651] 1+0/1: listen(24,1) OK.
06/17 10:03:36.04 [22651] 1+0/1: SRCIF=* [tcpbound://]
06/17 10:03:36.05 [22651] 1+0/1: FTP-data-local[24]:
06/17 10:03:36.05 [22651] 1+0/1: PASV [X][11,22,33,44,8,0] >> 227 Entering Passive Mode (11,22,33,44,8,0).^M

Another solution is to force the client to use PORT or EPRT command.

  9 9   Yutaka Sato <>
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
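
Added example, not part of the original message and not DeleGate code: a small Python check that parses the 227 (PASV) and 229 (EPSV) replies quoted above, derives the data-connection endpoint, and reports when it would fail behind NAT or a firewall. The function names are hypothetical; the address 11.22.33.44 and the range 2048-2064 are the ones used in the message, and the 192.168.0.5 reply is constructed.

```python
import re

# Reply formats quoted in the message: "227 ... (h1,h2,h3,h4,p1,p2)" and "229 ... (|||port|)"
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d+)\1\)")


def parse_data_endpoint(reply, control_peer):
    """Return (host, port) the client will use for the data connection.

    An EPSV reply carries no address, so the data connection goes to
    control_peer, the address of the current control connection.
    """
    m = PASV_RE.match(reply)
    if m:
        fields = [int(x) for x in m.groups()]
        if any(f > 255 for f in fields):
            raise ValueError("PASV field out of range: %r" % (fields,))
        host = ".".join(str(f) for f in fields[:4])
        return host, fields[4] * 256 + fields[5]  # port = p1*256 + p2
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("EPSV port out of range: %d" % port)
        return control_peer, port
    raise ValueError("not a 227/229 reply: %r" % reply)


def check_reply(reply, control_peer, port_range):
    """List the reasons this reply would break a data connection through NAT."""
    host, port = parse_data_endpoint(reply, control_peer)
    lo, hi = port_range
    problems = []
    if host != control_peer:
        problems.append("address %s differs from control peer %s" % (host, control_peer))
    if not lo <= port <= hi:
        problems.append("port %d outside forwarded range %d-%d" % (port, lo, hi))
    return problems


if __name__ == "__main__":
    samples = [  # first two from the message, third constructed (internal address leaked)
        "227 Entering Passive Mode (11,22,33,44,8,0).",
        "229 Extended Passive Mode (|||12346|)",
        "227 Entering Passive Mode (192,168,0,5,8,0).",
    ]
    for s in samples:
        print(s, "->", check_reply(s, "11.22.33.44", (2048, 2064)) or "ok")
```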

