Outbound port on sockets

Steve Holden steve at holdenweb.com
Fri Sep 15 13:53:09 EDT 2006


Grant Edwards wrote:
> On 2006-09-15, Sergei Organov <osv at javad.com> wrote:
> 
> 
>>>>>It's not the issue here, but to specify the outgoing port
>>>>>call bind(('', portnum)) before connect().
> 
> 
>>>It's an interesting thing to know, but I've been doing TCP
>>>stuff for many years and never run across a situation where
>>>it's something I needed to do.  If somebody in this thread
>>>actually does need to do it, I'd be curious about why...
>>
>>Well, one of the ftpd implementations I have here (C code from RTEMS) does
>>this:
>>
>>      /* anchor socket to avoid multi-homing problems */
>>      data_source = info->ctrl_addr;
>>      data_source.sin_port = htons(20); /* ftp-data port */
>>      if(bind(s, (struct sockaddr *)&data_source, sizeof(data_source)) < 0)
>>        ERROR;
>>      ...
>>      if(connect(s,
>>          (struct sockaddr *)&info->def_addr,
>>          sizeof(struct sockaddr_in)) < 0
>>      )
>>        ERROR;
>>
>>I've no idea what "multi-homing problems" are, but maybe it gives you
>>some hint?
> 
> 
> I don't know what "multi-homing problems" are either.
> Apparently there must be some ftp clients that require the
> source port for the data connection to be port 20.
> 
> The RFC is pretty vague. It does say the server and client both
> must "support the use of the default data port [port 20]" or
> something like that. But, it's not at all clear to me what
> that is supposed to mean.  My reading is that they must support
> the default port as the destination port for a data connection
> until it's been changed by receipt of a PORT command.
> 
> But, like I said, it's very vague, and I suppose some client
> implementor could have read it as the server must use the
> default data port as the source port for a data connection.

Standard (port-mode) FTP has the client send a PORT command to the 
server when data transfer is required. The server then makes a 
connection to the indicated port from its own port 20. If you look in 
/etc/services you'll likely see that port 21 is identified as "ftp" or 
"ftp-control" and 20 as "ftp-data".

Passive mode was introduced so that the server is not required to make a 
connection inbound to the client, as more and more firewalls were 
interposed at the perimeter of networks, blocking the inbound requests 
to clients from servers.

I suspect that the reason for the comment is simply that the connection 
out from the server is being bound to the same interface (*IP address*) 
that the inbound request arrived on. That way it's less likely that the 
data stream will be routed differently from the control (port 21) stream.

regards
  Steve
-- 
Steve Holden       +44 150 684 7255  +1 800 494 3119
Holden Web LLC/Ltd          http://www.holdenweb.com
Skype: holdenweb       http://holdenweb.blogspot.com
Recent Ramblings     http://del.icio.us/steve.holden
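
An added example, not part of the original post and not the RTEMS code: the bind-before-connect pattern from this thread in Python, anchoring the outgoing data connection to the local address of the control connection and to a chosen source port. The helper name `open_data_connection`, the loopback setup and the borrowed unprivileged port standing in for port 20 are assumptions made for the demonstration.

```python
import socket

LOOPBACK = "127.0.0.1"  # constructed test setup: everything runs on loopback


def open_data_connection(ctrl_sock, dest, source_port=0):
    """Connect to dest from the local IP the control connection arrived on.

    A real FTP server would pass source_port=20, which needs privilege on
    most systems; 0 lets the OS choose the source port.
    """
    local_ip = ctrl_sock.getsockname()[0]
    data = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    data.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        data.bind((local_ip, source_port))  # bind() before connect() fixes the source
        data.connect(dest)
    except OSError:
        data.close()
        raise
    return data


def _listener():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((LOOPBACK, 0))
    s.listen(1)
    return s


def demo():
    """Return (source port requested, peer address the client actually saw)."""
    with _listener() as ctrl_listener, _listener() as client_data:
        client_ctrl = socket.create_connection(ctrl_listener.getsockname())
        server_ctrl, _ = ctrl_listener.accept()   # server side of the control channel
        with _listener() as probe:                # borrow a free unprivileged port
            source_port = probe.getsockname()[1]  # stands in for port 20
        # client_data.getsockname() is what a PORT command would announce
        data = open_data_connection(server_ctrl, client_data.getsockname(), source_port)
        accepted, peer = client_data.accept()
        for s in (data, accepted, client_ctrl, server_ctrl):
            s.close()
    return source_port, peer


if __name__ == "__main__":
    port, peer = demo()
    print("requested source port", port, "-> client saw", peer)
```

On a host with several addresses, `getsockname()` on the control socket returns the address the client actually reached, so the data connection leaves from that same interface address rather than whichever one the routing table would pick.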
