Changes between Version 1 and Version 2 of Ticket #12991, comment 6


Timestamp:
Oct 4, 2023, 5:12:40 PM (15 months ago)
Author:
John Hossbach

  • Ticket #12991, comment 6

    v1 v2  
    11> This is completely unrelated to the address type.
    22
    3 When the "Use the default host for local connections" option is enabled, the behavior of FZS that I've witnessed is that when the client IP is in private address space (10, 172, 192), the passive 227 response uses the server's IP.  When the client IP is anything else, the passive 227 response uses the IP of the resolved hostname provided in the config.  Unfortunately, this breaks passive connections where the client IP is in the CGNAT address space.
     3When the "Use the default host for local connections" option is enabled, the behavior of FZS that I've witnessed is that when the client IP is in private address space (10, 172, 192.168), the passive 227 response uses the server's IP.  When the client IP is anything else, the passive 227 response uses the IP of the resolved hostname provided in the config.  Unfortunately, this breaks passive connections where the client IP is in the CGNAT address space.
    44----
    55> To mitigate data connection stealing attacks (to fully prevent this, TLS session resumption must be used), FileZilla Server requires that the peer IP address of the control connection is the very same as the peer connection of the data connection.
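
Review bot: on the modified line 3, v2 tightens "192" to "192.168" but still gives "172" as a bare first octet, which covers far more than the private block (172.16.0.0/12). Writing the private ranges in CIDR form, and naming the CGNAT range (100.64.0.0/10) the same way, would make it unambiguous which client addresses get the server's own IP in the 227 reply and which get the resolved hostname's IP.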