Our site is behind a firewall. Socks is running on the firewall configured to
not accept any incoming connections. This means that ftp won't work even when
"socks"ified, because the data connection is an incoming connection. I thought
that this would be a simple thing to work around using PASV. So I took the
bsd distribution of ftp, and modified ftp.c. The modifications were as follows:
1) in initconn() replaced:
    data = socket(AF_INET, SOCK_STREAM, 0);
with:
    if (command("PASV") != COMPLETE) {
        printf("proxy server does not support third party transfers.\n");
        return (1);    /* initconn() reports failure to its caller by returning 1 */
    } else {
        setupaddr(pasv, &from);    /* fill in the data address from the 227 reply */
    }
    data = socket(from.sin_family, SOCK_STREAM, 0);
where from was defined as :
struct sockaddr_in from; /* This is data addr from pasv rslts*/
at file (global) scope, and setupaddr() is defined as:
void
setupaddr(char *pasv, struct sockaddr_in *name)
{
    unsigned long iaddr = 0, port = 0;
    register int i;
    char *util = pasv;    /* points at "h1,h2,h3,h4,p1,p2" from the 227 reply */

    /* four comma-separated bytes of the host address, most significant first */
    for (i = 0; i < 4; i++) {
        iaddr = 256 * iaddr + atoi(util);
        while (*util != ',' && *util != '\0')    /* never scan past the end of the string */
            util++;
        if (*util == ',')
            util++;
    }
    /* two comma-separated bytes of the port, high byte first */
    for (i = 0; i < 2; i++) {
        port = 256 * port + atoi(util);
        while (*util != ',' && *util != ')' && *util != '\0')    /* last field ends at ')' */
            util++;
        if (*util == ',')
            util++;
    }
    bzero((char *)name, sizeof (*name));    /* sizeof (name) is the pointer's size, not the struct's */
    name->sin_family = AF_INET;
    name->sin_port = htons((u_short)port);    /* sockaddr_in fields are in network byte order */
    name->sin_addr.s_addr = htonl((u_long)iaddr);
}
2) in initconn() commented out the Rlisten (Rlisten because of socks modification).
3) In dataconn() replaced:
    s = Raccept(data, (struct sockaddr *) &from, &fromlen);
    if (s < 0) {
        perror("ftp: accept");
        (void) close(data), data = -1;
        return (NULL);
    }
    (void) close(data);
    data = s;
with:
    /* NB: the BSD dataconn() declares its own local "struct sockaddr_in from";
     * that local must be removed, or it shadows the global filled in by
     * setupaddr() and Rconnect() is handed an uninitialized address. */
    s = Rconnect(data, (struct sockaddr *) &from, fromlen);
    if (s < 0) {
        perror("ftp: connect");
        (void) close(data), data = -1;
        return (NULL);
    }
I thought that these would be the only changes necessary. To summarize:
1) my ftp program asks the remote machine's rftpd to go into passive mode.
2) It responds with a line like:
227 Entering Passive Mode (192,48,96,9,16,91)
3) I use the returned value to set the connect address to 192.48.96.9 port 4187.
4) I connect to that port to do the data transfer.
That's how I thought it worked, but the data transfer always times out waiting
for the connection:(
Does anyone have any idea what's wrong here? Has someone out there done that
before? Reading RFC 959 FILE TRANSFER PROTOCOL (FTP) seems to tell me that
I can do this, but it doesn't work:(
In debugging I've watched the correct conversion of the address returned as
the response from the PASV command. I've watched the PORT command work to
tell the other end who I am (is PORT necessary when I'm doing the connect?
I've tried it with and without the PORT).
I even took out the "socksification", and tried the PASV to a local inside
the firewall machine, and that didn't work. A really weird thing is that
if I do the PASV, but leave the implementation otherwise untouched, i.e. I
do the listen and accept, then it works internally (i.e. not through the
firewall). I thought that would fail, but apparently after the PASV with a
successful return code, the other guy still did a connect for the data
connection! Was it the PORT that overruled the PASV? hmmmm...I'm out of
ideas:(
HELP!!!:)
Patrick
These opinions are mine, and not Amdahl's (except by coincidence;).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~
| Patrick J. Horgan        | Amdahl Corporation        | \\ Have         |
| pjh70@eng.amdahl.com     | 1250 East Arques Avenue   | \\ _ Sword      |
| Phone: (408)992-2779     | P.O. Box 3470 M/S 253     | \\/ Will        |
| FAX:   (408)773-0833     | Sunnyvale, CA 94088-3470  | _/\\ Travel     |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~
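Editor's added example (not Patrick's code and not the BSD ftp source): a bounds-checked parser for the 227 reply that the post's setupaddr() handles. The reply text is supplied by the remote server, so the parser refuses anything outside the (h1,h2,h3,h4,p1,p2) shape, never scans past the closing parenthesis, zeroes the whole struct, and stores the port and address in network byte order with htons()/htonl(). It also shows the check a cautious client makes before connecting: that the address the server handed back is the host the control connection already talks to. It assumes the full reply line is available (the BSD client's reply buffer is not named on the page) and uses the reply quoted in the post as constructed sample input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/*
 * Parse an RFC 959 PASV reply, "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)",
 * into a sockaddr_in ready for connect(2).  The text comes from the remote
 * server, so every field is range-checked and the scan never runs past the
 * closing parenthesis or the end of the string.  Returns 0 on success, -1 on
 * any malformed input.
 */
int parse_pasv_reply(const char *reply, struct sockaddr_in *sa)
{
    unsigned long field[6];
    const char *p;
    char *end;
    int i;

    if (reply == NULL || sa == NULL || strncmp(reply, "227", 3) != 0)
        return -1;
    p = strchr(reply, '(');            /* the tuple starts after the '(' */
    if (p == NULL)
        return -1;
    p++;
    for (i = 0; i < 6; i++) {
        if (*p < '0' || *p > '9')      /* strtoul would accept spaces and signs; we do not */
            return -1;
        field[i] = strtoul(p, &end, 10);
        if (field[i] > 255)            /* each h and p value is a single byte */
            return -1;
        p = end;
        if (i < 5) {                   /* fields are comma separated ... */
            if (*p != ',')
                return -1;
            p++;
        }
    }
    if (*p != ')')                     /* ... and the last one is closed by ')' */
        return -1;
    if (field[4] == 0 && field[5] == 0)  /* port 0 is not a usable data port */
        return -1;

    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    /* sockaddr_in keeps both the port and the address in network byte order */
    sa->sin_port = htons((uint16_t)(field[4] * 256 + field[5]));
    sa->sin_addr.s_addr = htonl((uint32_t)((field[0] << 24) | (field[1] << 16) |
                                           (field[2] << 8) | field[3]));
    return 0;
}

/*
 * The server may hand back an address other than its own.  A client that only
 * intends to talk to the host it is already connected to compares the PASV
 * address with the control connection's peer and refuses a mismatch.
 * Returns 1 if the addresses match, 0 otherwise.
 */
int pasv_matches_control_peer(const struct sockaddr_in *pasv,
                              const struct sockaddr_in *ctrl_peer)
{
    return pasv->sin_addr.s_addr == ctrl_peer->sin_addr.s_addr;
}

/* Host-order data port from a reply, or -1 if the reply is malformed. */
int pasv_port_host(const char *reply)
{
    struct sockaddr_in sa;
    if (parse_pasv_reply(reply, &sa) != 0)
        return -1;
    return ntohs(sa.sin_port);
}

/* Host-order IPv4 address from a reply, or 0 if the reply is malformed. */
uint32_t pasv_addr_host(const char *reply)
{
    struct sockaddr_in sa;
    if (parse_pasv_reply(reply, &sa) != 0)
        return 0;
    return ntohl(sa.sin_addr.s_addr);
}

int main(void)
{
    /* Constructed sample input: the reply line quoted in the post. */
    const char *reply = "227 Entering Passive Mode (192,48,96,9,16,91)";
    struct sockaddr_in sa, ctrl;

    if (parse_pasv_reply(reply, &sa) != 0) {
        fprintf(stderr, "malformed PASV reply\n");
        return 1;
    }
    /* Constructed control-connection peer: the same host, so the check passes. */
    memset(&ctrl, 0, sizeof(ctrl));
    ctrl.sin_family = AF_INET;
    ctrl.sin_addr.s_addr = htonl(0xC0306009UL);   /* 192.48.96.9 */
    printf("data connection -> %s:%u (matches control peer: %s)\n",
           inet_ntoa(sa.sin_addr), (unsigned)ntohs(sa.sin_port),
           pasv_matches_control_peer(&sa, &ctrl) ? "yes" : "no");
    /* a real client would now connect(2) a fresh socket to sa */
    return 0;
}
```

For the reply in the post this yields 192.48.96.9 port 16*256+91 = 4187. The two wrapper functions exist so the parsed values can be checked without a live server; in a client the sockaddr_in from parse_pasv_reply() goes straight to connect(2) on a new data socket, and no PORT command is sent at all.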