Opened 6 months ago

#13100 new Bug report

Prefer EPSV mode over PASV

Reported by: Fr0sT Owned by:
Priority: normal Component: FileZilla Client
Keywords: Cc:
Component version: 3.67.0 Operating system type: Windows
Operating system version: 7

Description

Would be nice if FZ preferred EPSV command over PASV to handle complicated network setups where IP reported in answer to PASV could be incorrect.

Here's the log of trying to connect to a server (FZ 3.67.0 @ Windows => vsftpd 3.0.3 @ Debian)

15:51:10	Status:	Connecting to 172.1.2.3:21...
15:51:10	Status:	Connection established, waiting for welcome message...
15:51:10	Response:	220 Welcome to FTP service
15:51:10	Command:	AUTH TLS
15:51:10	Response:	530 Please login with USER and PASS.
15:51:10	Command:	AUTH SSL
15:51:10	Response:	530 Please login with USER and PASS.
15:51:10	Status:	Insecure server, it does not support FTP over TLS.
15:51:10	Command:	USER ftp
15:51:10	Response:	331 Please specify the password.
15:51:10	Command:	PASS **********
15:51:11	Response:	230 Login successful.
15:51:11	Command:	SYST
15:51:11	Response:	215 UNIX Type: L8
15:51:11	Command:	FEAT
15:51:11	Response:	211-Features:
15:51:11	Response:	 EPRT
15:51:11	Response:	 EPSV
15:51:11	Response:	 MDTM
15:51:11	Response:	 PASV
15:51:11	Response:	 REST STREAM
15:51:11	Response:	 SIZE
15:51:11	Response:	 TVFS
15:51:11	Response:	211 End
15:51:11	Status:	Server does not support non-ASCII characters.
15:51:11	Status:	Logged in
15:51:12	Status:	Retrieving directory listing...
15:51:12	Command:	PWD
15:51:12	Response:	257 "/" is the current directory
15:51:12	Command:	TYPE I
15:51:12	Response:	200 Switching to Binary mode.
15:51:12	Command:	PASV
15:51:12	Response:	227 Entering Passive Mode (172,17,0,2,39,156).
15:51:12	Command:	LIST
15:51:22	Response:	425 Failed to establish connection.

Note that server reports another IP because of network config. This issue won't happen with EPSV command as the main IP would be used for data connection.

Any of these options would help:

  • Always prefer EPSV over PASV
  • Make it optional (server-level or app-level)
  • Try EPSV if IP reported by PASV is unreachable
  • Try IP of control channel if IP reported by PASV is unreachable (this, I guess, is cool option anyway because it could bypass many issues with improperly configured FTP servers)

Change History (0)

Note: See TracTickets for help on using tickets.