Forum: PowerTCP FTP for .NET
Topic: FTP SSL problem client behind firewall

amihlfried (From: West Mifflin, PA USA; Posts: 9; Member Since: 11/30/04)
posted November 30, 2004 2:09 PM

I wanted to know if it would be possible to solve this problem. I'm not asking how to do it, but there wasn't a way to configure my FTP client to do it.

We're behind a firewall that only allows incoming port 80 and 443 requests. We need to connect to an FTP SSL server. We cannot change the firewall settings or change the FTP server we're connecting to. We can connect to a regular FTP server, just not one that wants to send a certificate back.

Is there functionality available in the PowerTCP classes that would allow us to interact with this other server?

Tony Priest (From: Utica, NY USA; Posts: 8466; Member Since: 04/11/00)
posted November 30, 2004 2:45 PM

Did you try setting Passive to True and False? If neither works, then the server is behind a firewall as well, in which case you can't use SecureFTP with a lot of complicated port management that, from what you say, you can't do anyway.

The reason it's such a pain is that firewalls need to monitor the traffic on the FTP control connection to determine which ports to open up for the data connection. When using SSL, the firewall can't do this, so the data transmission fails.

If all you are worried about is Passwords, and you can use both our client and a server written with our SecureFtpServer control, then you could use the "Firewall Ready" protocol, which uses encryption on the password only.

amihlfried (From: West Mifflin, PA USA; Posts: 9; Member Since: 11/30/04)
posted November 30, 2004 4:40 PM

I did try passive set to true and false and it didn't work. I believe we are both behind firewalls. However, does Passive mode work to solve a firewall on the client side or the server side?

Tony Priest (From: Utica, NY USA; Posts: 8466; Member Since: 04/11/00)
posted November 30, 2004 4:59 PM

When the Server or Client wants to establish the data connection, whichever side is "active" (not passive) sends the following response:

227 Entering Passive Mode (192,168,0,10,195,133)

In this case the server is saying "Connect to me on IP address 192.168.0.10 on port 50053". (The port is determined from the last two numbers in the group: 195 * 256 + 133.)

Now, if there is a firewall on the server side, it intercepts this data, replaces the IP with the IP that is seen on the outside, and opens up port 50053 temporarily. When the other side gets the response, the IP is the correct value for outside the firewall.

With an SSL connection, the server can't see the data so it can't replace it. I'm not sure, but I think most people who run SSL FTP servers have the server outside the firewall.
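
Added example, not part of the original thread and not PowerTCP code: a small Python model of the 227 handling described in the post above, showing what a server-side firewall does to the reply on a plaintext control connection and what the client receives when SSL hides it. The function names and the outside address 203.0.113.5 are assumptions made for illustration.

```python
import ipaddress
import re

PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_pasv(reply):
    """Return (ip, port) from a 227 reply; port = p1 * 256 + p2."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def firewall_rewrite(reply, outside_ip, encrypted):
    """Model of a server-side firewall watching the control connection.
    Plaintext: it reads the 227 line, substitutes its outside address and
    notes the port it must open. Encrypted (SSL): it sees only ciphertext,
    so the reply passes through unchanged and no port is opened."""
    if encrypted:
        return reply, None
    _, port = parse_pasv(reply)
    p1, p2 = divmod(port, 256)
    rewritten = "227 Entering Passive Mode (%s,%d,%d)" % (outside_ip.replace(".", ","), p1, p2)
    return rewritten, port

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def diagnose(reply, control_peer_ip):
    """Client-side check: flag a data address the client cannot reach."""
    ip, port = parse_pasv(reply)
    if is_internal(ip) and not is_internal(control_peer_ip):
        return "unreachable: server advertised internal %s:%d" % (ip, port)
    if ip != control_peer_ip:
        return "mismatch: data address %s differs from control peer %s" % (ip, control_peer_ip)
    return "ok: connect data channel to %s:%d" % (ip, port)

if __name__ == "__main__":
    server_reply = "227 Entering Passive Mode (192,168,0,10,195,133)"  # reply quoted in the post
    outside = "203.0.113.5"  # constructed: documentation-range address
    for encrypted in (False, True):
        seen, opened = firewall_rewrite(server_reply, outside, encrypted)
        print("SSL" if encrypted else "plain", "| port opened:", opened, "|", diagnose(seen, outside))
```

Running `diagnose` against the 227 line captured in a client trace, with the address the control connection actually went to, separates this failure from an ordinary blocked port.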

amihlfried (From: West Mifflin, PA USA; Posts: 9; Member Since: 11/30/04)
posted November 30, 2004 5:08 PM

Thanks for your replies! So you're saying if the FTP server is outside a firewall, then sending the Passive command from the client side should work? If the "passive" command is set on the client, does that mean the client is passive or requesting the server to be passive?

Tony Priest (From: Utica, NY USA; Posts: 8466; Member Since: 04/11/00)
posted November 30, 2004 5:13 PM

Yes, that's what I am saying.

amihlfried (From: West Mifflin, PA USA; Posts: 9; Member Since: 11/30/04)
posted December 23, 2004 1:55 PM

We got this working only by working on the firewall; multiple configurations of FTP clients wouldn't solve this problem. Just an update for anyone that runs into something similar: the answer is to change the firewall settings.