Passive mode Ip address

Advertisement

Kim
Guest

Passive mode Ip address

When using passive mode the return ip address from the server can be a NAT address which cannot be accessed by clients on the the other side of the firewall. A suggestion is an option to use the address on which the client initiates the connection instead of the address returned by the PASV command (obviously retain the port).

For example a connection to a server may return 192,168,0,5,3,224 - the external address of the server will definitely not be in the 192.168.0 range if the connection is over the Internet. If an option is set to use the outgoing address for the PASV connection the 192,168,0,5 would be ignored and the original outbound address used.

We picked up a problem that Filezilla was able to circumvent and I suspect that this is how they did it.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,253
Location:
Prague, Czechia

Re: Passive mode Ip address

Thanks for your post. This issue is being tracked already.
_________________
Martin Prikryl

Reply with quote

Advertisement

You can post new topics in this forum