> shin> (About EPRT, the initiating client retries the PORT command next if
> shin> EPRT fails, so trying EPRT first will be OK.)
> No. In this scenario, if the server knows EPRT, the EPRT request will be
> accepted, and will not fail. But existing NAT boxes don't handle
> EPRT requests. So the NAT box cannot treat the data connection as it does
> for PORT. Then the data connection request from the server will not reach
> the client.
> shin> As in RFC2428 (FTP Extensions for IPv6 and NATs), EPSV can be used
> shin> for IPv4 and IPv6, and it has a performance benefit for firewalls
> shin> and NAT, because it doesn't include an IP address in its
> shin> command, so firewalls and NAT don't need to translate them.
> No problem will occur with EPSV even on IPv4. If the server doesn't
> know EPRT, the client will try PASV next.

There also seems to be some problem in the reverse case.
I actually tested in the following environment.
(I should have checked it earlier in the first place.)

  My home         router               remote
  current         3.3                  current
  /usr/bin/ftp    /usr/sbin/ppp -nat   /usr/libexec/ftpd

In the non-passive case,
ftp> dir
500 Illegal PORT range rejected.
200 pcmd command successful.
150 Opening ASCII mode data connection for '/bin/ls'.
total 4
dr-xr-xr-x 2 root operator 512 Jan 2 14:50 bin
dr-xr-xr-x 2 root operator 512 Jan 2 14:50 etc
drwxrwxrwt 2 root operator 512 Jan 2 14:50 incoming
drwxr-xr-x 2 root operator 1024 Feb 4 12:54 pub
226 Transfer complete.
The 1st trial seems to be rejected at,
500 Illegal PORT range rejected.
and 2nd trial seems to be accepted at,
200 pcmd command successful.
And then I tried passive mode.
ftp> passive
Passive mode on.
ftp> dir
229 Entering Extended Passive Mode (|||1044|)
^C
receive aborted
waiting for remote to finish abort.
The connection hung at
229 Entering Extended Passive Mode (|||1044|)
for a while, so I aborted it.
> shin> So if no other better suggestion, I think I'll get permission
> shin> to fix 4.0 ftp client to try EPSV only for IPv6.
>
> EPSV is NAT friendly. I think disabling EPRT on IPv4 is better for a
> while.
I now feel disabling either of EPSV and EPRT via IPv4 is safe
for 4.0.
Yoshinobu Inoue
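
Added example, not part of the original message: a small Python parser for the four data-connection formats discussed in this thread (PORT and the 227 reply from RFC 959, EPRT and the 229 reply from RFC 2428), plus a simplified model of a NAT helper that understands only PORT. The addresses, the sample PORT/EPRT lines and the function names are constructed for illustration; the 229 line is the one shown in the session above.

```python
import re

HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
EPSV_REPLY = re.compile(r"\((.)\1\1(\d{1,5})\1\)")

def parse_data_endpoint(line):
    """Parse one control-channel line; return (kind, addr, port) or None.
    addr is None when the line carries no network address (EPSV reply)."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb in ("PORT", "227"):            # RFC 959: h1,h2,h3,h4,p1,p2
        m = HOSTPORT.search(arg)
        if not m:
            return None
        n = [int(x) for x in m.groups()]
        if max(n) > 255:
            return None
        return (verb, ".".join(map(str, n[:4])), n[4] * 256 + n[5])
    if verb == "EPRT" and arg:             # RFC 2428: <d>proto<d>addr<d>port<d>
        parts = arg.split(arg[0])
        if len(parts) != 5 or parts[0] or parts[4] or not parts[3].isdigit():
            return None
        return (verb, parts[2], int(parts[3]))
    if verb == "229":                      # RFC 2428: (<d><d><d>port<d>)
        m = EPSV_REPLY.search(arg)
        return (verb, None, int(m.group(2))) if m else None
    return None

def port_only_nat_helper(line, public_ip):
    """Model of a NAT helper that knows PORT but not EPRT (assumption:
    simplified; real helpers also remap the port and track state)."""
    ep = parse_data_endpoint(line)
    if ep and ep[0] == "PORT":
        p = ep[2]
        return "PORT %s,%d,%d" % (public_ip.replace(".", ","), p >> 8, p & 0xFF)
    return line  # EPRT passes through with the private address intact

# Constructed sample lines; the 229 reply is the one shown in the message.
SAMPLES = [
    "PORT 192,168,1,10,4,20",
    "EPRT |1|192.168.1.10|1044|",
    "229 Entering Extended Passive Mode (|||1044|)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_data_endpoint(s), "->", port_only_nat_helper(s, "203.0.113.5"))
```

The EPRT line leaves the modelled helper unchanged, still carrying the private address, while the 229 reply has no address field to translate at all.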