Opened 9 years ago

Last modified 9 years ago

#4256 defect new

FTP DTP not binding to correct IP Address

Reported by: alepra1 Owned by:
Priority: normal Milestone:
Component: ftp Keywords:
Cc: pradu@…, Jean-Paul Calderone Branch:


When serving FTP on a box with multiple IP address, the DTP Protocol may bind to the wrong address when handling a PORT command.

For ex., I have a server with the following addresses: - -

When a connection to the FTP server is made on address, and an active file transfer is started, the DTP connection starts from

This may end up resulting in the impossibility to setup the data connection if the server is multi-homed.

I have attached a simple patch that seems to solve the problem for me, but is quite untested.

Attachments (1)

ftp.patch (521 bytes) - added by alepra1 9 years ago.

Download all attachments as: .zip

Change History (5)

Changed 9 years ago by alepra1

Attachment: ftp.patch added

comment:1 Changed 9 years ago by Jean-Paul Calderone

Cc: Jean-Paul Calderone added

Shouldn't the platform select a local address for which a route to the destination address exists? In my head, this is how it works. It could be a fantasy.

comment:2 Changed 9 years ago by alepra1

Scenario (Real life example):

two servers in a cluster that share a ipaddress resource:

Server 1: ip address Server 2: ip address

Shared ip: This address is configured in the company firewall to allow connection to ports > 1024 (this is needed for active FTP), but both server addresses (.11 and .12) are blocked.

Incoming connection on address .10, DTP Connection started from address .11 -> firewall blocked connection -> user quite unhappy.

If a connection comes on .10, the corresponding DTP connection should be on .10 as well, or firewalls may be confused.

comment:3 Changed 9 years ago by Jean-Paul Calderone

Cool. Thanks for elaborating.

comment:4 Changed 8 years ago by <automation>

Owner: itamarst deleted
Note: See TracTickets for help on using tickets.