Opened 15 months ago
Last modified 11 months ago
#12991 new Bug report
Passive Transfers Fail When Client Has CGNAT IP — at Version 1
| Reported by: | John Hossbach | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | FileZilla Server |
| Keywords: | passive transfer PASV CGNAT | Cc: | |
| Component version: | 1.7.3 | Operating system type: | Windows |
| Operating system version: | Server 2019 |
Description (last modified by )
Reference: my original forum post
In my server config, I'm using a hostname to provide the correct external IP for passive transfers. I also have the "Use the default host for local connections" option enabled. This works great for the private network address space, however, it does not recognize the Carrier-grade NAT (CGNAT) address space, which is also non-Internet-routable IP space. Can we please get 100.64.0.0/10 added to the exception list? I've confirmed this is still a problem with FileZilla Server 1.7.3.
Not recognizing this CGNAT space results in failed passive transfers and the following error:
Data peer IP [A.B.C.D] differs from control peer IP [100.x.x.x]: this shouldn't happen, aborting the data connection.
What's happening here is that the CGNAT address space is being treated as a non-local connection and is being sent the "public" IP (resolved from the hostname provided) in the 227 response. Instead, CGNAT address space should be treated the same as private network address space and the 227 response should have the server's IP.
