External IP about ftpd HOT 7 CLOSED

Thank you for the kind words, and the bug report. The way the passive-mode code is written makes me think it would never work behind a NAT, so you must be the first to try: It's not a bug you've found as much as it's missing functionality. Most ftp servers have configuration options that you can use to get them to advertise the IP of your choice for passive mode connections. I think ftpd will need that, too.

For reference, here's the code that establishes the passive mode socket server and advertises the IP, from https://github.com/wconrad/ftpd/blob/6214d4800164304a18651a48d15a06447e317a2b/lib/ftpd/cmd_pasv.rb :

    interface = socket.addr[3]
    self.data_server = TCPServer.new(interface, 0)
    ip = data_server.addr[3]
    port = data_server.addr[1]
    quads = [
      ip.scan(/\d+/),
      port >> 8,
      port & 0xff,
    ].flatten.join(',')
    reply "227 Entering passive mode (#{quads})"

Yeah, that's never going to work behind a NAT firewall. The fix I have in mind will introduce a configuration variable for the advertised IP. The line ip = data_server.addr[3] will change to something like ip = configured_public_ip || data_server.addr[3].

I'll see what I can cook up in the way of a fix. I'm not sure when I'll get to it--hopefully this weekend.

from ftpd.

That would really be great. Thanks so much for the hard work you do on this project.

from ftpd.

If you are able to modify your Gemfile to point to a specific branch of ftpd, then could you please test the nat branch using this Gemfile line?

gem 'ftpd', git: "https://github.com/wconrad/ftpd", branch: "nat"

The new configuration item is called #nat_ip. Set it before starting the server, like so:

ftp_server = Ftpd::FtpServer.new(@driver)
ftp_server.nat_ip = "203.0.113.197"
ftp_server.start

If you can't test the branch easily, I'll just publish it as a new gem version and you can try it that way. It's a low risk change that's unlikely to break anything else, so that'd be OK.

Some people running an ftp server behind a firewall need to configure the port range that is used for passive server sockets. I haven't added that option yet. Let me know if you need it.

from ftpd.

The nat branch now has the option passive_ports which you can use to configure the range of ports to be used for passive-mode sockets.

from ftpd.

I don't think these "nat" changes will break anything, and the tests show that they probably fix this issue, so I'll merge this branch in and publish a new gem version. The new gem version is coming with another change (frozen strings) that is unlikely to break anyone, but could, so first gem version with these "nat" changes will be 2.0.0.

from ftpd.

Thanks so much for adding these features! We're now using the nat_ip config option in production. Sincerely appreciated.

from ftpd.

@drewbug It made my day that you are using this feature in production. Thanks!

from ftpd.