[Zope-dev] passive FTP to Zope with a specified port-range

Romain Slootmaekers romain@zzict.com
Fri, 02 Aug 2002 14:51:12 +0200


Mr Tobias Schiebeck wrote:
> Hi,
> 
> I'm trying to modify the Zope FTP access to specify a port range 
> within which the server selects the ports for the passive FTP communication
> with the FTP clients. This is in order to have the Zope server behind
> a firewall blocking more than the privileged ports only. 
> 
> I managed to modify the passive_acceptor within the medusa ftp server
> file. The problem I have is that certain FTP clients (e.g. gftp) 
> close their connection because of messages coming from the server.
> 
> The code I have modified is in 
> 
>    /usr/lib/zope/ZServer/medusa/ftp_server.py
> 
> class passive_acceptor (asyncore.dispatcher):
> 	ready = None
> 
> 	def __init__ (self, control_channel):
> 		# connect_fun (conn, addr)
> 		asyncore.dispatcher.__init__ (self)
> 		self.control_channel = control_channel
> 		self.create_socket (socket.AF_INET, socket.SOCK_STREAM)
> 		to=open('/tmp/zope.log','a')
> 		for i in range(10000,11000): 
> 			# bind to an address on the interface that the
> 			# control connection is coming from.
> 			to.write("ftp connection - port %d\n"%i)
> 			bres = self.bind ((
> 				self.control_channel.getsockname()[0],
> 				i
> 				))
> 			to.write("ftp connection - bind:"+`bres`+"\n")
> 			if bres == None :
> 				break
> 		self.addr = self.getsockname()
> 		self.listen (1)
> 		to.close()
> 
> Accessing the Zope-server through a firewall that has only the ports
> 10000 to 11000 open using gftp allows the first connection but 
> disconnects with an error message when I change the directory.
> 
> The error message is:
> 
> 451 Server Error: socket.error, (98,'Address already in use'): file:
> /usr/lib/zope/ZServer/medusa/asyncore.py line: 250
> 
> Do you have any hints on this?
> 
> Thanks and Best Regards
> 
> Tobias
>
Passive FTP through a firewall?
You still need to have a whole range of ports opened, so what's the 
point? FTP sucks and should be illegal.

You could solve the same problem using sftp (which is more secure and, 
moreover, just uses 1 connection) and a FSDirectoryview.

have fun,

Sloot.
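
Added example (not part of the original messages, and not Zope or medusa code): in Python a failed `bind()` raises `socket.error` (`OSError` in Python 3) instead of returning a status, so a scan over a fixed passive-port range has to catch `EADDRINUSE` and move on to the next port. The sketch uses plain Python 3 sockets; `bind_passive_listener` and `demo` are hypothetical names, and the loopback ports are constructed for the demonstration.

```python
import errno
import socket


def bind_passive_listener(host, first_port, last_port):
    """Return a listening TCP socket bound to the first free port in
    [first_port, last_port]; raise OSError(EADDRINUSE) if none is free."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    for port in range(first_port, last_port + 1):
        try:
            sock.bind((host, port))
        except OSError as exc:
            if exc.errno != errno.EADDRINUSE:
                sock.close()
                raise              # permission or address errors are not retried
            continue               # port busy: try the next one in the range
        sock.listen(1)
        return sock
    sock.close()
    raise OSError(errno.EADDRINUSE,
                  "no free port in %d-%d" % (first_port, last_port))


def demo():
    """Constructed scenario: one port is already taken, then two passive
    data connections are requested from a range starting at that port."""
    blocker = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    blocker.bind(("127.0.0.1", 0))          # let the OS pick a free port
    blocker.listen(1)
    base = blocker.getsockname()[1]
    last = min(base + 20, 65535)
    first = bind_passive_listener("127.0.0.1", base, last)
    second = bind_passive_listener("127.0.0.1", base, last)
    ports = (base, first.getsockname()[1], second.getsockname()[1])
    for s in (blocker, first, second):
        s.close()
    return ports


if __name__ == "__main__":
    base, p1, p2 = demo()
    print("occupied:", base, "first listener:", p1, "second listener:", p2)
```

The firewall then only needs the same range opened towards the server, and each listener should be closed as soon as its data connection is accepted so the port returns to the pool.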