passive FTP to Zope with a specified port-range
Hi,

I'm trying to modify the zope ftp-access to specify a port range within which the server selects the ports for the passive ftp communication with the ftp-clients. This is in order to have the Zope server behind a firewall blocking more than the privileged ports only.

I managed to modify the passive_acceptor within the medusa ftp server file. The problem I have is that certain FTP clients (e.g. gftp) close their connection because of messages coming from the server.

The code I have modified is in

/usr/lib/zope/ZServer/medusa/ftp_server.py

    class passive_acceptor (asyncore.dispatcher):
        ready = None

        def __init__ (self, control_channel):
            # connect_fun (conn, addr)
            asyncore.dispatcher.__init__ (self)
            self.control_channel = control_channel
            self.create_socket (socket.AF_INET, socket.SOCK_STREAM)
            to=open('/tmp/zope.log','a')
            for i in range(10000,11000):
                # bind to an address on the interface that the
                # control connection is coming from.
                to.write("ftp connection - port %d\n"%i)
                bres = self.bind ((
                    self.control_channel.getsockname()[0],
                    i
                    ))
                to.write("ftp connection - bind:"+`bres`+"\n")
                if bres == None :
                    break
            self.addr = self.getsockname()
            self.listen (1)
            to.close()

Accessing the Zope-server through a firewall that has only the ports 10000 to 11000 open using gftp allows the first connection but disconnects with an error message when I change the directory.

The error message is:

451 Server Error: socket.error, (98,'Address already in use'): file: /usr/lib/zope/ZServer/medusa/asyncore.py line: 250

Do you have any hints on this?

Thanks and Best Regards

Tobias

--
---------------------------------------------------------------------
Tobias Schiebeck tobias.schiebeck@man.ac.uk
International AVS Centre
Manchester Visualization Centre
http://www.iavsc.org tel: (+44) 161-275-6870
---------------------------------------------------------------------
Mr Tobias Schiebeck wrote:
451 Server Error: socket.error, (98,'Address already in use'): file: /usr/lib/zope/ZServer/medusa/asyncore.py line: 250
Do you have any hints on this?
Sadly not, but if you get this working, please lemme know, this would be very cool :-)

cheers,

Chris
passive ftp through a firewall ? you still need to have a whole range of ports opened so what's the point. FTP sucks and should be illegal.

you could solve the same problem using sftp (which is more secure but moreover, just uses 1 connection) and a FSDirectoryview.

have fun,

Sloot.
I really don't understand the code, but seems like you are "opening" an already "open" connection. If I'm talking s... so /dev/null

anTONIo
On 2 Aug 2002 at 11:53, Mr Tobias Schiebeck wrote:
I'm trying to modify the zope ftp-access to specify a port range within which the server selects the ports for the passive ftp communication with the ftp-clients. This is in order to have the Zope server behind a firewall blocking more than the privileged ports only.
This feature has already been added to Zope 2.6 as a patch.

I originally added it to Zope 2.5, so I think you can just copy the 2.6 ftp_server from CVS and drop it into your current Zope to get it to work.

Brad Clements, bkc@murkworks.com (315)268-1000
http://www.murkworks.com (315)268-9812 Fax
AOL-IM: BKClements
Hi Brad,

On Fri, 2002-08-02 at 15:26, Brad Clements wrote:
On 2 Aug 2002 at 11:53, Mr Tobias Schiebeck wrote:
I'm trying to modify the zope ftp-access to specify a port range within which the server selects the ports for the passive ftp communication with the ftp-clients. This is in order to have the Zope server behind a firewall blocking more than the privileged ports only.
This feature has already been added to Zope 2.6 as a patch.
I originally added it to Zope 2.5, so I think you can just copy the 2.6 ftp_server from CVS and drop it into your current Zope to get it to work.
I tried to backport this feature into Zope 2.5 but had not much luck with it. Using this patch through a firewall does not work properly, as the server in the end uses the fall-back situation using bind without a specified port. This means in the end the server allocates a port which is again outside the provided port-range and therefore blocked by the firewall.

It seems I have to open the unprivileged ports on the Zope server.

--
---------------------------------------------------------------------
Tobias Schiebeck tobias.schiebeck@man.ac.uk
International AVS Centre
Manchester Visualization Centre
http://www.iavsc.org tel: (+44) 161-275-6870
---------------------------------------------------------------------
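
Added example, not part of the thread and not the Zope or medusa code: a sketch of passive-port selection that handles both problems described above, the "Address already in use" error and the fallback to a port outside the firewall range. It uses plain sockets rather than asyncore; the names bind_passive_listener, PASV_PORTS and PortRangeExhausted are made up for this illustration.

```python
import errno
import socket

PASV_PORTS = range(10000, 11000)  # the range used in the thread


class PortRangeExhausted(Exception):
    """Every port in the allowed range is taken."""


def bind_passive_listener(host, ports=PASV_PORTS):
    """Return a listening socket on the first free port in `ports`.

    bind() returns None on success and raises OSError (socket.error) on
    failure, so a taken port is detected with try/except, not by testing
    the return value.
    """
    for port in ports:
        # Fresh socket per attempt: nothing carries over from a failed bind.
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((host, port))
            sock.listen(1)
        except OSError as exc:
            sock.close()
            if exc.errno == errno.EADDRINUSE:
                continue  # port busy (errno 98 on Linux): try the next one
            raise  # any other error is not something a retry fixes
        return sock
    # Fail closed: binding to port 0 here would hand out an ephemeral port
    # outside the range, which the firewall drops.
    raise PortRangeExhausted("no free passive port in allowed range")


if __name__ == "__main__":
    first = bind_passive_listener("127.0.0.1")
    second = bind_passive_listener("127.0.0.1")  # e.g. after a CWD + LIST
    print("data ports:", first.getsockname()[1], second.getsockname()[1])
    try:
        # Constructed case: a one-port range that `first` already holds.
        bind_passive_listener("127.0.0.1", [first.getsockname()[1]])
    except PortRangeExhausted as exc:
        print("refused:", exc)
    first.close()
    second.close()
```

When the range is exhausted the server can answer the PASV request with an error on the control channel, which keeps every data port it ever advertises inside the range the firewall admits.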