471,330 Members | 1,851 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,330 software developers and data experts.

ftplib question (cannot open data connection)

Hi All,

I'm using a simple program that uploads a file on a remote ftp server.
This is an example (not the whole program):
def store(self,hostname,username,password,destdir,srcp ath):
self.ftp = ftplib.FTP(hostname)
fobj = file(srcpath,"rb")
destname = os.path.split(srcpath)[1]
self.ftp.storbinary("STOR "+destname,fobj)
The ftp server cannot use passive connections, and I can do nothing
about that. Here is the problem: I can connect to this ftp server from
my home computer, which is behind a NAT firewall. I can also connect to
it from another computer, but I'm not able to upload any file. I tried
to debug with a simple "ftp -v -d" command line program and apparently
the problem is with the "EPRT" command:

---EPRT |1||55749|
200 Port command successful.
425 Cannot open data connection.

Well, the port number given by EPRT is bad - it is a closed port on this
computer. I can open a small port range for this, but I would not like
to open all ports and disable the firewall completely.

Here are my questions:

1. How can I instruct ftplib to use specific ports for incoming
connections? (For example, ports between 55000 and 56000).
2. How it is possible that the same program works from another computer
that is behind a NAT firewall?



Jan 11 '08 #1
1 3807
BUT: active FTP does not just send the data to the port that was in
the random port that was sent to the server... it addresses to the port
you sent, but it sends its data response FROM port 20. This means the
response looks like a totally unsolicited connection attempt from the
outside -- the firewall doesn't even have enough information to
determine which machine (if multiple) inside the firewall should be
receiving the data; since the server is sending the data stream on its
port 20 and there is no active connection for server:20 to ANY
Yes, I know. But it DOES work from inside my NAT network. I have no clue
how. I'm sure that it is using active connections because this server
cannot use passive mode. It might be a very clever firewall that does
packet sniffing for "ftp PORT" commands. (?) Anyway, the problem is not
with this computer, it was a counter-example.
Even if you could tell the firewall to let in connections on
the specified port, the NAT tables won't know what inside IP to
translate the inbound server port 20...
It does not need to. I can reconfigure the firewall to directly forward
all incoming TCP connections from a specified port range to a given IP
inside the internal network. But I do not even need to do that. The
problem is with a computer that is NOT behind NAT. It is a single
computer connected directly to the internet, but it has a firewall
installed. So everything would be fine except one thing: I should tell
ftplib which port(s) to open, and open those ports on my firewall. For
example, I can open TCP ports between 50000 and 60000, and then tell
ftplib to use ports between 50000 and 60000 in PORT and EPRT commands.
How can I do that? If that is not possible, then what is the workaround?
(Definitely I do not want to turn off the firewall completely on a
production server.)
Passive mode turns this around.
Yep, but this ftp server cannot use passive mode and I cannot change this.

And finally, if this cannot be done in ftplib, then I would like to
suggest to add this method to Ftp objects. :-)



Jan 13 '08 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

5 posts views Thread by Kevin Ollivier | last post: by
5 posts views Thread by Richard Lewis | last post: by
2 posts views Thread by Harlin Seritt | last post: by
1 post views Thread by | last post: by
5 posts views Thread by John Salerno | last post: by
6 posts views Thread by half.italian | last post: by
1 post views Thread by rahultandon | last post: by
1 post views Thread by Jon Bowlas | last post: by
2 posts views Thread by fepeacock | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.