BorlandTalk.com Forum Index BorlandTalk.com
Borland discussion newsgroups
 

Indy 10 SSL FTP

 
ThunderForest
Posted: Thu May 10, 2007 7:49 pm    Post subject: Indy 10 SSL FTP

Googled-out. Hope you can help. Using the Indy 10 components, I have developed an SSL-FTP Delphi console app that will execute all standard FTP commands in passive mode. I also use IdSSLIOHandlerSocketOpenSSL as the IOHandler, and IdLogEvent as the intercept. The FTP server is IpSwitch WS-FTP. The utility works very well - inside the LAN. From outside the LAN, e.g., WorkStation->Firewall w/NAT enabled->Internet->Firewall w/NAT enabled->Our FTP Server, the utility hangs when attempting to execute anything requiring a data port, i.e., list, copy, etc. I have also tried active mode and will receive the 425 Can't open data connection error. No problem connecting, or retrieving the current directory, or with control port commands. Our network administrator says everything is configured correctly on the LANs, and I tend to agree because another commercial FTP utility (MoveIt Freely) works. The utility I developed uses the same command line parameters the MoveIt Freely utility uses, with one exception, which is where I think the problem lies:

"The -natpasv parameter tells MOVEit Freely to ignore the IP address specified by the FTP server when the FTP server tells Freely to make a data connection in passive mode. Instead, when this parameter is specified, MOVEit Freely will connect to the IP address that it used to make the control connection."

Indy says in their online help:

"We do not recommend placing a FTP server using SSL behind a NAT at all. The NAT can not translate the IP address given as a reply to the PASV command on the control connection into an address that works outside of the internal network."

My question is what am I missing here? It seems obvious that it can be done. Is it necessary that I must use the Indy 10 FTP server component in conjunction with the Indy 10 FTP Client? I haven't tried this, but am reluctant to do so because my client would be very reluctant to change their FTP server configuration. Thanks for any assistance.

Eugene Mayevski
Posted: Thu May 10, 2007 8:08 pm    Post subject: Re: Indy 10 SSL FTP

Hello!
You wrote on 10 May 2007 07:49:23 -0700:

T> "The -natpasv parameter tells MOVEit Freely to ignore the IP address
T> specified by the FTP server when the FTP server tells Freely to make a
T> data connection in passive mode. Instead, when this parameter is
T> specified, MOVEit Freely will connect to the IP address that it used to
T> make the control connection."

Some servers are indeed placed behind the NAT and some NATs don't handle FTP
traffic correctly, i.e. don't change the address reported by the server. In
this case it's a client's job to replace the address reported by the server
for the data channel with the actual server address (taken from the command
channel). I don't know if Indy has such an option; in our FTPS component we
offer such an option.

With best regards,
Eugene Mayevski
http://www.SecureBlackbox.com - the comprehensive component suite for
network security

Remy Lebeau (TeamB)
Posted: Thu May 10, 2007 11:30 pm    Post subject: Re: Indy 10 SSL FTP

"ThunderForest" <Donnewald (AT) YaHoo (DOT) Com> wrote in message
news:464330f3$1 (AT) newsgroups (DOT) borland.com...

Quote:
"The -natpasv parameter tells MOVEit Freely to ignore the IP
address specified by the FTP server when the FTP server tells
Freely to make a data connection in passive mode. Instead,
when this parameter is specified, MOVEit Freely will connect to
the IP address that it used to make the control connection."

In the TIdFTP.OnDataChannelCreate event, you can change the Host that
is used when the passive socket is connected. For example:

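procedure TForm1.IdFTP1DataChannelCreate(ASender: TIdBaseObject;
  ADataChannel: TIdTCPConnection);
begin
  // UseControlHost: placeholder Boolean of your own for
  // "should use control connection host"
  if (ADataChannel is TIdTCPClient) and UseControlHost then
    // Connect the data channel to the host used for the control connection
    TIdTCPClient(ADataChannel).Host := IdFTP1.Host;
end;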

Quote:
Is it necessary that I must use the Indy 10 FTP server
component in conjunction with the Indy 10 FTP Client?

No.


Gambit
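
The substitution discussed in this thread, shown at the protocol level as an added example (not code from the posts above or from Indy): the client parses the 227 reply to PASV, keeps the port, and optionally replaces the reported address with the control-connection host. With SSL the control channel is encrypted, so a NAT device cannot rewrite the address inside the reply. ParsePasvReply, DataEndpoint, the sample reply and ftp.example.com are all constructed for illustration.

```delphi
program PasvNatDemo;
{$APPTYPE CONSOLE}
uses
  SysUtils, Classes;

// Parse "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" as defined in RFC 959.
// Returns False on anything that is not a well-formed 227 reply.
function ParsePasvReply(const Reply: string; out Host: string;
  out Port: Integer): Boolean;
var
  OpenPos, ClosePos, I: Integer;
  N: array[0..5] of Integer;
  Parts: TStringList;
begin
  Result := False;
  OpenPos := Pos('(', Reply);
  ClosePos := Pos(')', Reply);
  if (Copy(Reply, 1, 3) <> '227') or (OpenPos = 0) or (ClosePos < OpenPos) then Exit;
  Parts := TStringList.Create;
  try
    Parts.CommaText := Copy(Reply, OpenPos + 1, ClosePos - OpenPos - 1);
    if Parts.Count <> 6 then Exit;
    for I := 0 to 5 do  // every field must be a single byte value
      if not TryStrToInt(Parts[I], N[I]) or (N[I] < 0) or (N[I] > 255) then Exit;
    Host := Format('%d.%d.%d.%d', [N[0], N[1], N[2], N[3]]);
    Port := N[4] * 256 + N[5];
    Result := True;
  finally
    Parts.Free;
  end;
end;

// Choose the data-channel endpoint. With UseControlHost set, the address in
// the 227 reply is ignored and only its port is used.
function DataEndpoint(const Reply, ControlHost: string;
  UseControlHost: Boolean): string;
var
  Host: string;
  Port: Integer;
begin
  if not ParsePasvReply(Reply, Host, Port) then
    raise Exception.Create('Malformed PASV reply: ' + Reply);
  if UseControlHost then Host := ControlHost;
  Result := Format('%s:%d', [Host, Port]);
end;

begin
  // Constructed sample: a server behind NAT reporting its private LAN address.
  WriteLn(DataEndpoint('227 Entering Passive Mode (192,168,1,10,195,80)', 'ftp.example.com', False));
  WriteLn(DataEndpoint('227 Entering Passive Mode (192,168,1,10,195,80)', 'ftp.example.com', True));
end.
```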

Remy Lebeau (TeamB)
Posted: Fri May 11, 2007 12:00 am    Post subject: Re: Indy 10 SSL FTP

"Remy Lebeau (TeamB)" <no.spam (AT) no (DOT) spam.com> wrote in message
news:464364b9 (AT) newsgroups (DOT) borland.com...

Quote:
In the TIdFTP.OnDataChannelCreate event, you can change the
Host that is used when the passive socket is connected.

I have just added a new PassiveUseControlHost property to the current
10.1.6 snapshot. Wait a day or so for the mirrors to catch up, and
then you can download it.


Gambit

ThunderForest
Posted: Fri May 11, 2007 12:12 am    Post subject: Re: Indy 10 SSL FTP

"Remy Lebeau (TeamB)" <no.spam (AT) no (DOT) spam.com> wrote:
Quote:

"Remy Lebeau (TeamB)" <no.spam (AT) no (DOT) spam.com> wrote in message
news:464364b9 (AT) newsgroups (DOT) borland.com...

In the TIdFTP.OnDataChannelCreate event, you can change the
Host that is used when the passive socket is connected.

I have just added a new PassiveUseControlHost property to the current
10.1.6 snapshot. Wait a day or so for the mirrors to catch up, and
then you can download it.


Gambit



You Rock!

ThunderForest
Posted: Fri May 11, 2007 8:25 pm    Post subject: Re: Indy 10 SSL FTP

Gambit,

Just want you to know that PassiveUseControlHost worked beautifully. Thank you for your efforts.
