By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,851 Members | 1,111 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,851 IT Pros & Developers. It's quick & easy.

ftplib question (cannot open data connection)

P: n/a

Hi All,

I'm using a simple program that uploads a file on a remote ftp server.
This is an example (not the whole program):
def store(self,hostname,username,password,destdir,srcp ath):
self.ftp = ftplib.FTP(hostname)
self.ftp.login(username,password)
self.ftp.set_pasv(False)
self.ftp.cwd(destdir)
fobj = file(srcpath,"rb")
destname = os.path.split(srcpath)[1]
self.ftp.storbinary("STOR "+destname,fobj)
The ftp server cannot use passive connections, and I can do nothing
about that. Here is the problem: I can connect to this ftp server from
my home computer, which is behind a NAT firewall. I can also connect to
it from another computer, but I'm not able to upload any file. I tried
to debug with a simple "ftp -v -d" command line program and apparently
the problem is with the "EPRT" command:

ftpls
---EPRT |1|195.228.74.135|55749|
200 Port command successful.
---LIST
425 Cannot open data connection.
ftp>

Well, the port number given by EPRT is bad - it is a closed port on this
computer. I can open a small port range for this, but I would not like
to open all ports and disable the firewall completely.

Here are my questions:

1. How can I instruct ftplib to use specific ports for incoming
connections? (For example, ports between 55000 and 56000).
2. How it is possible that the same program works from another computer
that is behind a NAT firewall?

Thanks,

Laszlo

Jan 11 '08 #1
Share this Question
Share on Google+
1 Reply


P: n/a
BUT: active FTP does not just send the data to the port that was in
the random port that was sent to the server... it addresses to the port
you sent, but it sends its data response FROM port 20. This means the
response looks like a totally unsolicited connection attempt from the
outside -- the firewall doesn't even have enough information to
determine which machine (if multiple) inside the firewall should be
receiving the data; since the server is sending the data stream on its
port 20 and there is no active connection for server:20 to ANY
client:????
Yes, I know. But it DOES work from inside my NAT network. I have no clue
how. I'm sure that it is using active connections because this server
cannot use passive mode. It might be a very clever firewall that does
packet sniffing for "ftp PORT" commands. (?) Anyway, the problem is not
with this computer, it was a counter-example.
Even if you could tell the firewall to let in connections on
the specified port, the NAT tables won't know what inside IP to
translate the inbound server port 20...
It does not need to. I can reconfigure the firewall to directly forward
all incoming TCP connections from a specified port range to a given IP
inside the internal network. But I do not even need to do that. The
problem is with a computer that is NOT behind NAT. It is a single
computer connected directly to the internet, but it has a firewall
installed. So everything would be fine except one thing: I should tell
ftplib which port(s) to open, and open those ports on my firewall. For
example, I can open TCP ports between 50000 and 60000, and then tell
ftplib to use ports between 50000 and 60000 in PORT and EPRT commands.
How can I do that? If that is not possible, then what is the workaround?
(Definitely I do not want to turn off the firewall completely on a
production server.)
Passive mode turns this around.
Yep, but this ftp server cannot use passive mode and I cannot change this.

And finally, if this cannot be done in ftplib, then I would like to
suggest to add this method to Ftp objects. :-)

Best,

Laszlo

Jan 13 '08 #2

This discussion thread is closed

Replies have been disabled for this discussion.