Opened 4 years ago

Last modified 4 years ago

#4256 defect new

FTP DTP not binding to correct IP Address

Reported by: alepra1
Owned by:
Priority: normal
Milestone:
Component: ftp
Keywords:
Cc: pradu@…, exarkun
Branch:
Author:
Launchpad Bug:

Description

When serving FTP on a box with multiple IP addresses, the DTP Protocol may bind to the wrong address when handling a PORT command.

For example, I have a server with the following addresses:
192.168.1.8
192.168.1.9
192.168.1.10

When a connection to the FTP server is made on address 192.168.1.9, and an active file transfer is started, the DTP connection starts from 192.168.1.8.

This may end up resulting in the impossibility of setting up the data connection if the server is multi-homed.

I have attached a simple patch that seems to solve the problem for me, but is quite untested.

Attachments (1)

ftp.patch (521 bytes) - added by alepra1 4 years ago.


Change History (5)

Changed 4 years ago by alepra1

comment:1 Changed 4 years ago by exarkun

  • Cc exarkun added

Shouldn't the platform select a local address for which a route to the destination address exists? In my head, this is how it works. It could be a fantasy.

comment:2 Changed 4 years ago by alepra1

Scenario (Real life example):

Two servers in a cluster that share an IP address resource:

Server 1: ip address 192.168.1.11
Server 2: ip address 192.168.1.12

Shared IP: 192.168.1.10. This address is configured in the company firewall to allow connections to ports > 1024 (this is needed for active FTP), but both server addresses (.11 and .12) are blocked.

Incoming connection on address .10, DTP Connection started from address .11 -> firewall blocked connection -> user quite unhappy.

If a connection comes on .10, the corresponding DTP connection should be on .10 as well, or firewalls may be confused.
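
The behaviour requested above, as an added example that is not part of the ticket, the attached ftp.patch, or Twisted's code: the data socket is bound to the local address of the control connection before connecting to the client's PORT address. The function names are hypothetical, and the scenario is a constructed one on Linux loopback, where 127.0.0.2 stands in for the shared service address and 127.0.0.1 for the client.

```python
import socket
from contextlib import ExitStack

def open_active_data_connection(control_sock, peer_host, peer_port, timeout=5.0):
    """Connect to the address from the client's PORT command, using the local
    IP on which the control connection was accepted as the source address."""
    local_ip = control_sock.getsockname()[0]
    data = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    data.settimeout(timeout)
    try:
        # Port 0 asks for an ephemeral source port; only the IP is pinned here.
        data.bind((local_ip, 0))
        data.connect((peer_host, peer_port))
    except OSError:
        data.close()
        raise
    return data

def demo(service_ip="127.0.0.2", client_ip="127.0.0.1"):
    """Constructed loopback scenario. Returns the source IP the client's data
    listener sees for an unbound connect and for a bound one."""
    seen = {"service_ip": service_ip}
    with ExitStack() as stack:
        track = stack.enter_context  # sockets close themselves on exit
        ctl_listener = track(socket.create_server((service_ip, 0)))
        client_data = track(socket.create_server((client_ip, 0)))  # PORT listener
        track(socket.create_connection(ctl_listener.getsockname(), timeout=5))
        server_ctl = track(ctl_listener.accept()[0])
        port = client_data.getsockname()[1]

        # Unbound: the OS picks the source address from its routing table,
        # which is the behaviour reported in the ticket.
        track(socket.create_connection((client_ip, port), timeout=5))
        conn, addr = client_data.accept()
        track(conn)
        seen["unbound"] = addr[0]

        # Bound: the source address follows the control connection.
        track(open_active_data_connection(server_ctl, client_ip, port))
        conn, addr = client_data.accept()
        track(conn)
        seen["bound"] = addr[0]
    return seen

if __name__ == "__main__":
    print(demo())
```

A firewall rule keyed on the service address matches only the bound case, since that is the only one whose source IP equals the address the client originally connected to.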

comment:3 Changed 4 years ago by exarkun

Cool. Thanks for elaborating.

comment:4 Changed 3 years ago by <automation>

  • Owner itamarst deleted