Opened 2 months ago
Add an option to allow specifying different IP addresses for FTP and for FTPS
|Reported by:||andyb||Owned by:|
|Keywords:||pasv passive external ip||Cc:|
|Component version:||0.90.60||Operating system type:||Windows|
|Operating system version:||Windows Server 2019|
There is a very old closed ticket on this: https://trac.filezilla-project.org/ticket/4050
I hope it's ok to bring this up again.
Some or many routers do behave as follows:
- they change the FTP server PASV response, they change the internal IP to the external IP, so the FTP client gets the correct IP reported.
- for some reason they reject the response when the external IP is specified in the FTP server response.
With this given behavior, unsecure FTP works correct when the internal IP is entered in the Passive mode settings in FileZilla Server Options.
But FTPS and FTP can not work correctly with the same settings:
- When i specify the internal IP then on FTPS the wrong IP is reported to the FTP client because the router cannot change the internal to external IP in the PASV response when the response is encrypted.
- When i specify the external IP then FTPS works correct, but unsecure FTP stops working because the client does not get the response.
I tested Cerberus FTP Server to figure out whether it's a FileZilla FTP server error, or whether the issue is on my side, or somewhere in the OS or hardware etc.
I had the same issue when i entered the external IP in this FTP server.
On research, i found then this note at https://support.cerberusftp.com/hc/en-us/articles/360000043619-How-to-Setup-a-File-Server-with-Cerberus-FTP-Server
Some routers inspect FTP traffic and do not allow the public IP address to be passed in the response for the PASV command.
Those routers expect the internal IP address to be used.
The solution (workaround) in this FTP server (also in tested ServU FTP server) is to specify the external IP only for FTPS.
Please add an option to allow specifying different IP addresses for FTP and for FTPS.
The two commercial FTP servers which i tested have such options, they supply a workaround for this bad behavior of routers.
I cannot use another router, my FTP server runs on a VM in the cloud (VMWare).
And i don't want to buy a commercial FTP server.
So i would appreciate to can solve (workaround) the issue in FileZilla Server.
I know FTP clients can handle wrong IP addresses in the PASV response, but i don't want to rely that all FTP client applications and all FTP client libraries work with misconfigured FTP servers.